QwikSec

Security Database

CVE

CWE

Training

CVE-2017-18347

Published: Sep 12, 2018

Modified: Sep 17, 2024

PUBLISHED

Description

Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://community.st.com/s/question/0D50X00009Xke7aSAB/readout-protection-cracked-on-stm32

x_refsource_MISC

https://www.usenix.org/conference/woot17/workshop-program/presentation/obermaier

x_refsource_MISC

https://www.aisec.fraunhofer.de/en/FirmwareProtection.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.