CVE-2017-18347 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.6 MEDIUM	PHYSICAL	LOW	NONE	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 21%

Vendor	Product	Version
st	stm32f071rb_firmware	-
st	stm32f071v8_firmware	-
st	stm32f071vb_firmware	-
st	stm32f072c8_firmware	-
st	stm32f072cb_firmware	-
st	stm32f072r8_firmware	-
st	stm32f072rb_firmware	-
st	stm32f072v8_firmware	-
st	stm32f072vb_firmware	-
st	stm32f078cb_firmware	-
st	stm32f078rb_firmware	-
st	stm32f078vb_firmware	-
st	stm32f091cb_firmware	-
st	stm32f091cc_firmware	-
st	stm32f091rb_firmware	-
st	stm32f091rc_firmware	-
st	stm32f091vb_firmware	-
st	stm32f091vc_firmware	-
st	stm32f098cc_firmware	-
st	stm32f098rc_firmware	-
st	stm32f098vc_firmware	-
st	stm32f070c6_firmware	-
st	stm32f070cb_firmware	-
st	stm32f070f6_firmware	-
st	stm32f070rb_firmware	-
st	stm32f071c8_firmware	-
st	stm32f071cb_firmware	-
st	stm32f051t8_firmware	-
st	stm32f058c8_firmware	-
st	stm32f058r8_firmware	-
st	stm32f058t8_firmware	-
st	stm32f070c6_firmware	-
st	stm32f051k4_firmware	-
st	stm32f051k6_firmware	-
st	stm32f051k8_firmware	-
st	stm32f051r4_firmware	-
st	stm32f051r6_firmware	-
st	stm32f051r8_firmware	-
st	stm32f042t6_firmware	-
st	stm32f048c6_firmware	-
st	stm32f048g6_firmware	-
st	stm32f048t6_firmware	-
st	stm32f051c4_firmware	-
st	stm32f051c6_firmware	-
st	stm32f051c8_firmware	-
st	stm32f042f4_firmware	-
st	stm32f042f6_firmware	-
st	stm32f042g4_firmware	-
st	stm32f042g6_firmware	-
st	stm32f042k4_firmware	-
st	stm32f042k6_firmware	-
st	stm32f038c6_firmware	-
st	stm32f038e6_firmware	-
st	stm32f038f6_firmware	-
st	stm32f038g6_firmware	-
st	stm32f038k6_firmware	-
st	stm32f042c4_firmware	-
st	stm32f042c6_firmware	-
st	stm32f031e6_firmware	-
st	stm32f031f4_firmware	-
st	stm32f031f6_firmware	-
st	stm32f031g4_firmware	-
st	stm32f031g6_firmware	-
st	stm32f031k4_firmware	-
st	stm32f030f4_firmware	-
st	stm32f030k6_firmware	-
st	stm32f030r8_firmware	-
st	stm32f030rc_firmware	-
st	stm32f031c4_firmware	-
st	stm32f031c6_firmware	-
st	stm32f030c6_firmware	-
st	stm32f030c8_firmware	-
st	stm32f030cc_firmware	-

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References

https://community.st.com/s/question/0D50X00009Xke7aSAB/readout-protection-cracked-on-stm32

https://www.aisec.fraunhofer.de/en/FirmwareProtection.html

https://www.usenix.org/conference/woot17/workshop-program/presentation/obermaier

https://community.st.com/s/question/0D50X00009Xke7aSAB/readout-protection-cracked-on-stm32

https://www.aisec.fraunhofer.de/en/FirmwareProtection.html

https://www.usenix.org/conference/woot17/workshop-program/presentation/obermaier