CVE-2017-18347
moderate-risk
Published 2018-09-12
Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection.
Do I need to act?
0.06% chance of exploitation (EPSS score: low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 4.6/10 (Medium), PHYSICAL / LOW complexity
Affected Products (20)
Stm32F071Rb Firmware
Stm32F071V8 Firmware
Stm32F071Vb Firmware
Stm32F072C8 Firmware
Stm32F072Cb Firmware
Stm32F072R8 Firmware
Stm32F072Rb Firmware
Stm32F072V8 Firmware
Stm32F072Vb Firmware
Stm32F078Cb Firmware
Stm32F078Rb Firmware
Stm32F078Vb Firmware
Stm32F091Cb Firmware
Stm32F091Cc Firmware
Stm32F091Rb Firmware
Stm32F091Rc Firmware
Stm32F091Vb Firmware
Stm32F091Vc Firmware
Stm32F098Cc Firmware
Stm32F098Rc Firmware
Affected Vendors
References (6)
44/100 (moderate-risk)
Severity: 16/34 · Moderate
Exploitability: 0/34 · Minimal
Exposure: 28/34 · Critical