ID

VAR-201909-1025


CVE

CVE-2019-14236


TITLE

Unauthorized authentication vulnerabilities in multiple STMicroelectronics product devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-009332

DESCRIPTION

On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution. Multiple STMicroelectronics product devices contain unauthorized authentication vulnerabilities. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Security vulnerabilities exist in several STMicroelectronics products. An attacker could exploit this vulnerability to bypass Proprietary Code Read Out Protection (PCROP). The following products and versions are affected: STMicroelectronics STM32L0; STM32L1; STM32L4; STM32F4; STM32F7; STM32H7.

Trust: 1.71

sources: NVD: CVE-2019-14236 // JVNDB: JVNDB-2019-009332 // VULHUB: VHN-146162

AFFECTED PRODUCTS

vendor: st, model: stm32h7, scope: eq, version: -

Trust: 2.2

vendor: st, model: stm32l1, scope: eq, version: -

Trust: 2.2

vendor: st, model: stm32l4, scope: eq, version: -

Trust: 2.2

vendor: st, model: stm32f4, scope: eq, version: -

Trust: 2.2

vendor: st, model: stm32f7, scope: eq, version: -

Trust: 2.2

vendor: st, model: stm32l0, scope: eq, version: -

Trust: 1.0

vendor: stmicroelectronics, model: stm32f4, scope: -, version: -

Trust: 0.8

vendor: stmicroelectronics, model: stm32f7, scope: -, version: -

Trust: 0.8

vendor: stmicroelectronics, model: stm32h7, scope: -, version: -

Trust: 0.8

vendor: stmicroelectronics, model: stm32l0, scope: -, version: -

Trust: 0.8

vendor: stmicroelectronics, model: stm32l1, scope: -, version: -

Trust: 0.8

vendor: stmicroelectronics, model: stm32l4, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-009332 // CNNVD: CNNVD-201909-648 // NVD: CVE-2019-14236

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-14236
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-14236
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201909-648
value: MEDIUM

Trust: 0.6

VULHUB: VHN-146162
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-14236
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-146162
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-14236
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-14236
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-146162 // JVNDB: JVNDB-2019-009332 // CNNVD: CNNVD-201909-648 // NVD: CVE-2019-14236

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.9

sources: VULHUB: VHN-146162 // JVNDB: JVNDB-2019-009332 // NVD: CVE-2019-14236

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201909-648

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009332

PATCH

title: Top Page, url: https://www.st.com/content/st_com/ja.html

Trust: 0.8

sources: JVNDB: JVNDB-2019-009332

EXTERNAL IDS

db: NVD, id: CVE-2019-14236

Trust: 2.5

db: JVNDB, id: JVNDB-2019-009332

Trust: 0.8

db: CNNVD, id: CNNVD-201909-648

Trust: 0.7

db: VULHUB, id: VHN-146162

Trust: 0.1

sources: VULHUB: VHN-146162 // JVNDB: JVNDB-2019-009332 // CNNVD: CNNVD-201909-648 // NVD: CVE-2019-14236

REFERENCES

url:https://www.usenix.org/system/files/woot19-paper_schink.pdf

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-14236

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14236

Trust: 0.8

sources: VULHUB: VHN-146162 // JVNDB: JVNDB-2019-009332 // CNNVD: CNNVD-201909-648 // NVD: CVE-2019-14236

SOURCES

db: VULHUB, id: VHN-146162
db: JVNDB, id: JVNDB-2019-009332
db: CNNVD, id: CNNVD-201909-648
db: NVD, id: CVE-2019-14236

LAST UPDATE DATE

2024-11-23T22:55:26.677000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-146162, date: 2019-09-16T00:00:00
db: JVNDB, id: JVNDB-2019-009332, date: 2019-09-18T00:00:00
db: CNNVD, id: CNNVD-201909-648, date: 2019-09-27T00:00:00
db: NVD, id: CVE-2019-14236, date: 2024-11-21T04:26:15.847

SOURCES RELEASE DATE

db: VULHUB, id: VHN-146162, date: 2019-09-12T00:00:00
db: JVNDB, id: JVNDB-2019-009332, date: 2019-09-18T00:00:00
db: CNNVD, id: CNNVD-201909-648, date: 2019-09-12T00:00:00
db: NVD, id: CVE-2019-14236, date: 2019-09-12T18:15:11.927