CVE-2019-14236
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution.
En los dispositivos STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7 y STM32H7, Proprietary Code Read Out Protection (PCROP) (un método de protección IP de software) puede ser superado observando los registros de la CPU y el efecto de la ejecución de código e instrucción.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-07-22 CVE Reserved
- 2019-09-12 CVE Published
- 2023-12-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-863: Incorrect Authorization
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.usenix.org/system/files/woot19-paper_schink.pdf | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| St Search vendor "St" | Stm32l0 Firmware Search vendor "St" for product "Stm32l0 Firmware" | - | - |
Affected
| in | St Search vendor "St" | Stm32l0 Search vendor "St" for product "Stm32l0" | - | - |
Safe
|
| St Search vendor "St" | Stm32l1 Firmware Search vendor "St" for product "Stm32l1 Firmware" | - | - |
Affected
| in | St Search vendor "St" | Stm32l1 Search vendor "St" for product "Stm32l1" | - | - |
Safe
|
| St Search vendor "St" | Stm32f4 Firmware Search vendor "St" for product "Stm32f4 Firmware" | - | - |
Affected
| in | St Search vendor "St" | Stm32f4 Search vendor "St" for product "Stm32f4" | - | - |
Safe
|
| St Search vendor "St" | Stm32l4 Firmware Search vendor "St" for product "Stm32l4 Firmware" | - | - |
Affected
| in | St Search vendor "St" | Stm32l4 Search vendor "St" for product "Stm32l4" | - | - |
Safe
|
| St Search vendor "St" | Stm32f7 Firmware Search vendor "St" for product "Stm32f7 Firmware" | - | - |
Affected
| in | St Search vendor "St" | Stm32f7 Search vendor "St" for product "Stm32f7" | - | - |
Safe
|
| St Search vendor "St" | Stm32h7 Firmware Search vendor "St" for product "Stm32h7 Firmware" | - | - |
Affected
| in | St Search vendor "St" | Stm32h7 Search vendor "St" for product "Stm32h7" | - | - |
Safe
|