ID

VAR-201909-1027


CVE

CVE-2019-14238


TITLE

Authentication vulnerability in STMicroelectronics STM32F7 devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-009683

DESCRIPTION

On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus. STMicroelectronics STM32F7 devices contain an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). STMicroelectronics STM32F7 is a microcontroller for embedded systems from STMicroelectronics, Switzerland. A security vulnerability exists in STMicroelectronics STM32F7.

Trust: 1.71

sources: NVD: CVE-2019-14238 // JVNDB: JVNDB-2019-009683 // VULHUB: VHN-146164

AFFECTED PRODUCTS

vendor: st, model: stm32h7, scope: eq, version: -

Trust: 2.2

vendor: st, model: stm32l1, scope: eq, version: -

Trust: 2.2

vendor: st, model: stm32l4, scope: eq, version: -

Trust: 2.2

vendor: st, model: stm32f4, scope: eq, version: -

Trust: 2.2

vendor: st, model: stm32f7, scope: eq, version: -

Trust: 2.2

vendor: st, model: stm32l0, scope: eq, version: -

Trust: 1.0

vendor: stmicroelectronics, model: stm32f4, scope: -, version: -

Trust: 0.8

vendor: stmicroelectronics, model: stm32f7, scope: -, version: -

Trust: 0.8

vendor: stmicroelectronics, model: stm32h7, scope: -, version: -

Trust: 0.8

vendor: stmicroelectronics, model: stm32l0, scope: -, version: -

Trust: 0.8

vendor: stmicroelectronics, model: stm32l1, scope: -, version: -

Trust: 0.8

vendor: stmicroelectronics, model: stm32l4, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-009683 // CNNVD: CNNVD-201909-1087 // NVD: CVE-2019-14238

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-14238
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-14238
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201909-1087
value: MEDIUM

Trust: 0.6

VULHUB: VHN-146164
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-14238
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-146164
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-14238
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.7
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-14238
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-146164 // JVNDB: JVNDB-2019-009683 // CNNVD: CNNVD-201909-1087 // NVD: CVE-2019-14238

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-146164 // JVNDB: JVNDB-2019-009683 // NVD: CVE-2019-14238

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201909-1087

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009683

PATCH

title: Top page, url: https://www.st.com/content/st_com/ja.html

Trust: 0.8

sources: JVNDB: JVNDB-2019-009683

EXTERNAL IDS

db: NVD, id: CVE-2019-14238

Trust: 2.5

db: JVNDB, id: JVNDB-2019-009683

Trust: 0.8

db: CNNVD, id: CNNVD-201909-1087

Trust: 0.7

db: VULHUB, id: VHN-146164

Trust: 0.1

sources: VULHUB: VHN-146164 // JVNDB: JVNDB-2019-009683 // CNNVD: CNNVD-201909-1087 // NVD: CVE-2019-14238

REFERENCES

url:https://www.usenix.org/system/files/woot19-paper_schink.pdf

Trust: 2.5

url:https://www.usenix.org/conference/woot19/presentation/schink

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-14238

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14238

Trust: 0.8

sources: VULHUB: VHN-146164 // JVNDB: JVNDB-2019-009683 // CNNVD: CNNVD-201909-1087 // NVD: CVE-2019-14238

SOURCES

db: VULHUB, id: VHN-146164
db: JVNDB, id: JVNDB-2019-009683
db: CNNVD, id: CNNVD-201909-1087
db: NVD, id: CVE-2019-14238

LAST UPDATE DATE

2024-11-23T23:04:38.097000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-146164, date: 2019-09-25T00:00:00
db: JVNDB, id: JVNDB-2019-009683, date: 2019-09-26T00:00:00
db: CNNVD, id: CNNVD-201909-1087, date: 2019-09-30T00:00:00
db: NVD, id: CVE-2019-14238, date: 2024-11-21T04:26:16.173

SOURCES RELEASE DATE

db: VULHUB, id: VHN-146164, date: 2019-09-24T00:00:00
db: JVNDB, id: JVNDB-2019-009683, date: 2019-09-26T00:00:00
db: CNNVD, id: CNNVD-201909-1087, date: 2019-09-24T00:00:00
db: NVD, id: CVE-2019-14238, date: 2019-09-24T18:15:10.797