← Back to CVEs
CVE-2019-14236
CRITICAL9.8
Description
On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published9/12/2019
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
st:stm32f4st:stm32f4_firmwarest:stm32f7st:stm32f7_firmwarest:stm32h7st:stm32h7_firmwarest:stm32l0st:stm32l0_firmwarest:stm32l1st:stm32l1_firmwarest:stm32l4st:stm32l4_firmware
Weaknesses (CWE)
CWE-863
References
https://www.usenix.org/system/files/woot19-paper_schink.pdf(cve@mitre.org)
https://www.usenix.org/system/files/woot19-paper_schink.pdf(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.