CVE-2019-14238
Severity Score
6.6
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus.
En los dispositivos STMicroelectronics STM32F7, la Proprietary Code Read Out Protection (PCROP) (un método de protección IP de software) puede ser superada con una sonda de depuración por medio del bus Instruction Tightly Coupled Memory (ITCM).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-07-22 CVE Reserved
- 2019-09-24 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.usenix.org/conference/woot19/presentation/schink | 2024-08-05 | |
| https://www.usenix.org/system/files/woot19-paper_schink.pdf | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| St Search vendor "St" | Stm32l0 Firmware Search vendor "St" for product "Stm32l0 Firmware" | - | - |
Affected
| in | St Search vendor "St" | Stm32l0 Search vendor "St" for product "Stm32l0" | - | - |
Safe
|
| St Search vendor "St" | Stm32l1 Firmware Search vendor "St" for product "Stm32l1 Firmware" | - | - |
Affected
| in | St Search vendor "St" | Stm32l1 Search vendor "St" for product "Stm32l1" | - | - |
Safe
|
| St Search vendor "St" | Stm32f4 Firmware Search vendor "St" for product "Stm32f4 Firmware" | - | - |
Affected
| in | St Search vendor "St" | Stm32f4 Search vendor "St" for product "Stm32f4" | - | - |
Safe
|
| St Search vendor "St" | Stm32l4 Firmware Search vendor "St" for product "Stm32l4 Firmware" | - | - |
Affected
| in | St Search vendor "St" | Stm32l4 Search vendor "St" for product "Stm32l4" | - | - |
Safe
|
| St Search vendor "St" | Stm32f7 Firmware Search vendor "St" for product "Stm32f7 Firmware" | - | - |
Affected
| in | St Search vendor "St" | Stm32f7 Search vendor "St" for product "Stm32f7" | - | - |
Safe
|
| St Search vendor "St" | Stm32h7 Firmware Search vendor "St" for product "Stm32h7 Firmware" | - | - |
Affected
| in | St Search vendor "St" | Stm32h7 Search vendor "St" for product "Stm32h7" | - | - |
Safe
|