Vulnerability Details : CVE-2017-18347
Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection.
Products affected by CVE-2017-18347
- cpe:2.3:o:st:stm32f071rb_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f071v8_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f071vb_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f072c8_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f072cb_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f072r8_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f072rb_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f072v8_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f072vb_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f078cb_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f078rb_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f078vb_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f091cb_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f091cc_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f091rb_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f091rc_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f091vb_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f091vc_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f098cc_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f098rc_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f098vc_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f070c6_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f070cb_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f070f6_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f070rb_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f071c8_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f071cb_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f051t8_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f058c8_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f058r8_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f058t8_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f051k4_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f051k6_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f051k8_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f051r4_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f051r6_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f051r8_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f042t6_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f048c6_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f048g6_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f048t6_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f051c4_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f051c6_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f051c8_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f042f4_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f042f6_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f042g4_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f042g6_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f042k4_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f042k6_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f038c6_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f038e6_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f038f6_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f038g6_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f038k6_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f042c4_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f042c6_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f031e6_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f031f4_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f031f6_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f031g4_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f031g6_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f031k4_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f030f4_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f030k6_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f030r8_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f030rc_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f031c4_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f031c6_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f030c6_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f030c8_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:st:stm32f030cc_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-18347
Probability of exploitation activity in the next 30 days: 0.13%
Percentile, the proportion of vulnerabilities that are scored at or less: ~49%
CVSS scores for CVE-2017-18347
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9 | MEDIUM | AV:L/AC:L/Au:N/C:C/I:N/A:N | 3.9 | 6.9 | NIST | |
4.6 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 0.9 | 3.6 | NIST | |
CWE ids for CVE-2017-18347
- The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-18347
- https://www.aisec.fraunhofer.de/en/FirmwareProtection.html
  Shedding too much Light on a Microcontroller's Firmware Protection - Fraunhofer AISEC (Exploit; Third Party Advisory)
- https://www.usenix.org/conference/woot17/workshop-program/presentation/obermaier
  Shedding too much Light on a Microcontroller's Firmware Protection | USENIX (Exploit; Third Party Advisory)
- https://community.st.com/s/question/0D50X00009Xke7aSAB/readout-protection-cracked-on-stm32
  readout protection cracked on STM32 (Vendor Advisory)