CVE-2020-13466
https://notcve.org/view.php?id=CVE-2020-13466
STMicroelectronics STM32F103 devices through 2020-05-20 allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration. • https://www.usenix.org/system/files/woot20-paper-obermaier.pdf •
CVE-2020-8004
https://notcve.org/view.php?id=CVE-2020-8004
STMicroelectronics STM32F1 devices have Incorrect Access Control. • https://github.com/wuxx/CVE-2020-8004 https://blog.zapb.de/stm32f1-exceptional-failure •
CVE-2019-19192
https://notcve.org/view.php?id=CVE-2019-19192
The Bluetooth Low Energy implementation on STMicroelectronics BLE Stack through 1.3.1 for STM32WB5x devices does not properly handle consecutive Attribute Protocol (ATT) requests on reception, allowing attackers in radio range to cause an event deadlock or crash via crafted packets. • https://asset-group.github.io/disclosures/sweyntooth • CWE-20: Improper Input Validation •
CVE-2019-16863
https://notcve.org/view.php?id=CVE-2019-16863
STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL. • http://tpm.fail https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190024 https://support.f5.com/csp/article/K32412503?utm_source=f5support&utm_medium=RSS https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03972en_us https://support.lenovo.com/us/en/product_security/LEN-29406 https://www.st.com/content/st_com/en/campaigns/tpm-update.html • CWE-203: Observable Discrepancy CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2019-14238
https://notcve.org/view.php?id=CVE-2019-14238
On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus. • https://www.usenix.org/conference/woot19/presentation/schink https://www.usenix.org/system/files/woot19-paper_schink.pdf • CWE-287: Improper Authentication •