V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
CVE-2019-14238
CVE
Medium

On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with …

CVSS
6.6
Medium
EPSS
0.00
p31
Published
2019-01-01
Updated
2019-01-01
Description

On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus.

Tags · CWE
CWE-287
CAPEC-22
CAPEC-57
CAPEC-94
CAPEC-114
CAPEC-115
CAPEC-151
CAPEC-194
CAPEC-593
CAPEC-633
CAPEC-650
Affected products
Stm32f4_firmwareStm32f7_firmwareStm32h7_firmwareStm32l0_firmwareStm32l1_firmwareStm32l4_firmware
CVSS vector
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Timeline
2019-01-01
Published
2019-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: P
Physical (P)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: L
Low (L)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: H
High (H)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.004 · p31
Known exploited (KEV)
No
MITRE ATT&CK
Inferred via CAPEC
└ via CAPEC-57 · CWE-287
└ via CAPEC-633 · CWE-287
└ via CAPEC-593 · CWE-287
└ via CAPEC-650 · CWE-287
└ via CAPEC-114 · CWE-287
└ via CAPEC-593 · CWE-287
└ via CAPEC-94 · CWE-287
└ via CAPEC-593 · CWE-287
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
St
Stm32f4Stm32f4 FirmwareStm32f7Stm32f7 FirmwareStm32h7Stm32h7 FirmwareStm32l0Stm32l0 FirmwareStm32l1Stm32l1 Firmware+2
ProductVendorStatus
stm32f4_firmware*Tracked
stm32f7_firmware*Tracked
stm32h7_firmware*Tracked
stm32l0_firmware*Tracked
stm32l1_firmware*Tracked
stm32l4_firmware*Tracked
Source databases
CVE