CVE-2017-18347
N/A
N/A
Summary
Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://community.st.com/s/question/0D50X00009Xke7aSAB/readout-protection-cracked-on-stm32
- https://www.usenix.org/conference/woot17/workshop-program/presentation/obermaier
- https://www.aisec.fraunhofer.de/en/FirmwareProtection.html
References
- https://community.st.com/s/question/0D50X00009Xke7aSAB/readout-protection-cracked-on-stm32
- https://www.usenix.org/conference/woot17/workshop-program/presentation/obermaier
- https://www.aisec.fraunhofer.de/en/FirmwareProtection.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.