Details of VAR-201809-0048

ID

VAR-201809-0048

CVE

CVE-2017-18347

TITLE

STMicroelectronics STM32F0 Series device race condition vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2018-010722

DESCRIPTION

Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection. STMicroelectronics STM32F0 Series devices contain a race condition vulnerability.Information may be obtained. STMicroelectronics STM32F0 is a microcontroller device from the STM32F0 series. A security vulnerability exists in STMicroelectronics STM32F0 due to improper access control implemented by programs in RDP Level 1

Trust: 1.71

sources: NVD: CVE-2017-18347 // JVNDB: JVNDB-2018-010722 // VULHUB: VHN-109460

AFFECTED PRODUCTS

vendor:	st	model:	stm32f070c6	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f042c4	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f071v8	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f058t8	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f030cc	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f038g6	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f091cb	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f091cc	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f048g6	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f030rc	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f098cc	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f042c6	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f091vb	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f038f6	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f072vb	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f070cb	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f048c6	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f031k4	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f072rb	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f042f4	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f031f6	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f072c8	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f038c6	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f051r8	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f031c6	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f031g6	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f098vc	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f058r8	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f051c4	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f098rc	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f071cb	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f042k6	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f030f4	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f072v8	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f072cb	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f078cb	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f051r4	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f031f4	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f072r8	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f071vb	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f051k6	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f042t6	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f038k6	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f078vb	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f031g4	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f091vc	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f042g6	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f071c8	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f070rb	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f031c4	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f030c8	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f042f6	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f030k6	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f051c8	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f030r8	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f091rb	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f042k4	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f058c8	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f051r6	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f071rb	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f048t6	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f038e6	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f051k4	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f031e6	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f042g4	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f030c6	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f051t8	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f091rc	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f051k8	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f078rb	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f070f6	scope:	eq	version:	-	Trust: 1.0
vendor:	st	model:	stm32f051c6	scope:	eq	version:	-	Trust: 1.0
vendor:	stmicroelectronics	model:	stm32f0	scope:	-	version:	-	Trust: 0.8
vendor:	stmicroelectronics	model:	stm32f030c8	scope:	eq	version:	-	Trust: 0.6
vendor:	stmicroelectronics	model:	stm32f030r8	scope:	eq	version:	-	Trust: 0.6
vendor:	stmicroelectronics	model:	stm32f031k4	scope:	eq	version:	-	Trust: 0.6
vendor:	stmicroelectronics	model:	stm32f030rc	scope:	eq	version:	-	Trust: 0.6
vendor:	stmicroelectronics	model:	stm32f030f4	scope:	eq	version:	-	Trust: 0.6
vendor:	stmicroelectronics	model:	stm32f030cc	scope:	eq	version:	-	Trust: 0.6
vendor:	stmicroelectronics	model:	stm32f031c4	scope:	eq	version:	-	Trust: 0.6
vendor:	stmicroelectronics	model:	stm32f031c6	scope:	eq	version:	-	Trust: 0.6
vendor:	stmicroelectronics	model:	stm32f030c6	scope:	eq	version:	-	Trust: 0.6
vendor:	stmicroelectronics	model:	stm32f030k6	scope:	eq	version:	-	Trust: 0.6

sources: JVNDB: JVNDB-2018-010722 // CNNVD: CNNVD-201809-632 // NVD: CVE-2017-18347

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18347
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-18347
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201809-632
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-109460
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-18347
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-109460
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-18347
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2017-18347
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-109460 // JVNDB: JVNDB-2018-010722 // CNNVD: CNNVD-201809-632 // NVD: CVE-2017-18347

PROBLEMTYPE DATA

problemtype:

CWE-362

Trust: 1.9

sources: VULHUB: VHN-109460 // JVNDB: JVNDB-2018-010722 // NVD: CVE-2017-18347

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201809-632

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-201809-632

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-010722

PATCH

title:

readout protection cracked on STM32

url:

https://community.st.com/s/question/0D50X00009Xke7aSAB/readout-protection-cracked-on-stm32

Trust: 0.8

sources: JVNDB: JVNDB-2018-010722

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18347	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-010722	Trust: 0.8
db:	CNNVD	id:	CNNVD-201809-632	Trust: 0.6
db:	VULHUB	id:	VHN-109460	Trust: 0.1

sources: VULHUB: VHN-109460 // JVNDB: JVNDB-2018-010722 // CNNVD: CNNVD-201809-632 // NVD: CVE-2017-18347

REFERENCES

url:	https://www.aisec.fraunhofer.de/en/firmwareprotection.html	Trust: 2.5
url:	https://community.st.com/s/question/0d50x00009xke7asab/readout-protection-cracked-on-stm32	Trust: 1.7
url:	https://www.usenix.org/conference/woot17/workshop-program/presentation/obermaier	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18347	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-18347	Trust: 0.8

sources: VULHUB: VHN-109460 // JVNDB: JVNDB-2018-010722 // CNNVD: CNNVD-201809-632 // NVD: CVE-2017-18347

SOURCES

db:	VULHUB	id:	VHN-109460
db:	JVNDB	id:	JVNDB-2018-010722
db:	CNNVD	id:	CNNVD-201809-632
db:	NVD	id:	CVE-2017-18347

LAST UPDATE DATE

2024-11-23T22:41:41.759000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-109460	date:	2018-11-20T00:00:00
db:	JVNDB	id:	JVNDB-2018-010722	date:	2018-12-20T00:00:00
db:	CNNVD	id:	CNNVD-201809-632	date:	2021-05-06T00:00:00
db:	NVD	id:	CVE-2017-18347	date:	2024-11-21T03:19:53.833

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-109460	date:	2018-09-12T00:00:00
db:	JVNDB	id:	JVNDB-2018-010722	date:	2018-12-20T00:00:00
db:	CNNVD	id:	CNNVD-201809-632	date:	2018-09-13T00:00:00
db:	NVD	id:	CVE-2017-18347	date:	2018-09-12T15:29:00.233