Stm32l4 CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2021-29414	1 St	95 Stm32cubel4 Firmware, Stm32l412c8, Stm32l412cb and 92 more	2024-11-21	6.1 Medium
STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect physical access control.
CVE-2020-27212	1 St	95 Stm32cubel4 Firmware, Stm32l412c8, Stm32l412cb and 92 more	2024-11-21	7.0 High
STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. The flash read-out protection (RDP) can be degraded from RDP level 2 (no access via debug interface) to level 1 (limited access via debug interface) by injecting a fault during the boot phase.
CVE-2019-14238	1 St	12 Stm32f4, Stm32f4 Firmware, Stm32f7 and 9 more	2024-11-21	6.6 Medium
On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus.
CVE-2019-14236	1 St	12 Stm32f4, Stm32f4 Firmware, Stm32f7 and 9 more	2024-11-21	9.8 Critical
On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution.

Page 1 of 1.