Vulnerability CVE-2017-18347


Published: 2018-09-12

Description:
Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection.

Type:

CWE-362

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.9/10
6.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
None
None
Affected software
Stmicroelectronics -> Stm32f038c6 firmware 
Stmicroelectronics -> Stm32f048t6 firmware 
Stmicroelectronics -> Stm32f070f6 firmware 
Stmicroelectronics -> Stm32f091cb firmware 
Stmicroelectronics -> Stm32f030c6 firmware 
Stmicroelectronics -> Stm32f038e6 firmware 
Stmicroelectronics -> Stm32f051c4 firmware 
Stmicroelectronics -> Stm32f070rb firmware 
Stmicroelectronics -> Stm32f091cc firmware 
Stmicroelectronics -> Stm32f030c8 firmware 
Stmicroelectronics -> Stm32f038f6 firmware 
Stmicroelectronics -> Stm32f051c6 firmware 
Stmicroelectronics -> Stm32f071c8 firmware 
Stmicroelectronics -> Stm32f091rb firmware 
Stmicroelectronics -> Stm32f030cc firmware 
Stmicroelectronics -> Stm32f038g6 firmware 
Stmicroelectronics -> Stm32f051c8 firmware 
Stmicroelectronics -> Stm32f071cb firmware 
Stmicroelectronics -> Stm32f091rc firmware 
Stmicroelectronics -> Stm32f030f4 firmware 
Stmicroelectronics -> Stm32f038k6 firmware 
Stmicroelectronics -> Stm32f051k4 firmware 
Stmicroelectronics -> Stm32f071rb firmware 
Stmicroelectronics -> Stm32f091vb firmware 
Stmicroelectronics -> Stm32f030k6 firmware 
Stmicroelectronics -> Stm32f042c4 firmware 
Stmicroelectronics -> Stm32f051k6 firmware 
Stmicroelectronics -> Stm32f071v8 firmware 
Stmicroelectronics -> Stm32f091vc firmware 
Stmicroelectronics -> Stm32f030r8 firmware 
Stmicroelectronics -> Stm32f042c6 firmware 
Stmicroelectronics -> Stm32f051k8 firmware 
Stmicroelectronics -> Stm32f071vb firmware 
Stmicroelectronics -> Stm32f098cc firmware 
Stmicroelectronics -> Stm32f030rc firmware 
Stmicroelectronics -> Stm32f042f4 firmware 
Stmicroelectronics -> Stm32f051r4 firmware 
Stmicroelectronics -> Stm32f072c8 firmware 
Stmicroelectronics -> Stm32f098rc firmware 
Stmicroelectronics -> Stm32f031c4 firmware 
Stmicroelectronics -> Stm32f042f6 firmware 
Stmicroelectronics -> Stm32f051r6 firmware 
Stmicroelectronics -> Stm32f072cb firmware 
Stmicroelectronics -> Stm32f098vc firmware 
Stmicroelectronics -> Stm32f031c6 firmware 
Stmicroelectronics -> Stm32f042g4 firmware 
Stmicroelectronics -> Stm32f051r8 firmware 
Stmicroelectronics -> Stm32f072r8 firmware 
Stmicroelectronics -> Stm32f031e6 firmware 
Stmicroelectronics -> Stm32f042g6 firmware 
Stmicroelectronics -> Stm32f051t8 firmware 
Stmicroelectronics -> Stm32f072rb firmware 
Stmicroelectronics -> Stm32f031f4 firmware 
Stmicroelectronics -> Stm32f042k4 firmware 
Stmicroelectronics -> Stm32f058c8 firmware 
Stmicroelectronics -> Stm32f072v8 firmware 
Stmicroelectronics -> Stm32f031f6 firmware 
Stmicroelectronics -> Stm32f042k6 firmware 
Stmicroelectronics -> Stm32f058r8 firmware 
Stmicroelectronics -> Stm32f072vb firmware 
Stmicroelectronics -> Stm32f031g4 firmware 
Stmicroelectronics -> Stm32f042t6 firmware 
Stmicroelectronics -> Stm32f058t8 firmware 
Stmicroelectronics -> Stm32f078cb firmware 
Stmicroelectronics -> Stm32f031g6 firmware 
Stmicroelectronics -> Stm32f048c6 firmware 
Stmicroelectronics -> Stm32f070c6 firmware 
Stmicroelectronics -> Stm32f078rb firmware 
Stmicroelectronics -> Stm32f031k4 firmware 
Stmicroelectronics -> Stm32f048g6 firmware 
Stmicroelectronics -> Stm32f070cb firmware 
Stmicroelectronics -> Stm32f078vb firmware 

 References:
https://community.st.com/s/question/0D50X00009Xke7aSAB/readout-protection-cracked-on-stm32
https://www.aisec.fraunhofer.de/en/FirmwareProtection.html
https://www.usenix.org/conference/woot17/workshop-program/presentation/obermaier

Copyright 2024, cxsecurity.com

 

Back to Top