Strix
26.1K

CVE-2017-18347

MEDIUMCVSS 4.6/10EPSS 0.40%

Last modified

CVE-2017-18347 is a medium-severity vulnerability rated 4.6/10 on the CVSS scale. Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection.. EPSS estimates a 0.40% chance of exploitation in the next 30 days.

Description

Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection.

Metrics

CVSS 3.1
4.6/10

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability
0.40%

31.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
StStm32f071rb FirmwareAll versions
StStm32f071v8 FirmwareAll versions
StStm32f071vb FirmwareAll versions
StStm32f072c8 FirmwareAll versions
StStm32f072cb FirmwareAll versions
StStm32f072r8 FirmwareAll versions
StStm32f072rb FirmwareAll versions
StStm32f072v8 FirmwareAll versions
StStm32f072vb FirmwareAll versions
StStm32f078cb FirmwareAll versions
StStm32f078rb FirmwareAll versions
StStm32f078vb FirmwareAll versions
StStm32f091cb FirmwareAll versions
StStm32f091cc FirmwareAll versions
StStm32f091rb FirmwareAll versions
StStm32f091rc FirmwareAll versions
StStm32f091vb FirmwareAll versions
StStm32f091vc FirmwareAll versions
StStm32f098cc FirmwareAll versions
StStm32f098rc FirmwareAll versions
StStm32f098vc FirmwareAll versions
StStm32f070c6 FirmwareAll versions
StStm32f070cb FirmwareAll versions
StStm32f070f6 FirmwareAll versions
StStm32f070rb FirmwareAll versions
StStm32f071c8 FirmwareAll versions
StStm32f071cb FirmwareAll versions
StStm32f051t8 FirmwareAll versions
StStm32f058c8 FirmwareAll versions
StStm32f058r8 FirmwareAll versions
StStm32f058t8 FirmwareAll versions
StStm32f051k4 FirmwareAll versions
StStm32f051k6 FirmwareAll versions
StStm32f051k8 FirmwareAll versions
StStm32f051r4 FirmwareAll versions
StStm32f051r6 FirmwareAll versions
StStm32f051r8 FirmwareAll versions
StStm32f042t6 FirmwareAll versions
StStm32f048c6 FirmwareAll versions
StStm32f048g6 FirmwareAll versions
StStm32f048t6 FirmwareAll versions
StStm32f051c4 FirmwareAll versions
StStm32f051c6 FirmwareAll versions
StStm32f051c8 FirmwareAll versions
StStm32f042f4 FirmwareAll versions
StStm32f042f6 FirmwareAll versions
StStm32f042g4 FirmwareAll versions
StStm32f042g6 FirmwareAll versions
StStm32f042k4 FirmwareAll versions
StStm32f042k6 FirmwareAll versions

Showing 50 of 72 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2017-18347?
Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection.
How severe is CVE-2017-18347?
CVE-2017-18347 has a CVSS score of 4.6/10 (MEDIUM severity). The EPSS model estimates a 0.40% probability of exploitation in the next 30 days.
How do I fix CVE-2017-18347?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-18347?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST