{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-12T17:43:11.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.usenix.org/system/files/woot19-paper_schink.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14236", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.usenix.org/system/files/woot19-paper_schink.pdf", "refsource": "MISC", "url": "https://www.usenix.org/system/files/woot19-paper_schink.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T00:12:43.438Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.usenix.org/system/files/woot19-paper_schink.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14236", "datePublished": "2019-09-12T17:43:11.000Z", "dateReserved": "2019-07-22T00:00:00.000Z", "dateUpdated": "2024-08-05T00:12:43.438Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:st:stm32l0_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E8173AA-028B-44C2-81C0-B216289CFFC1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:st:stm32l0:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB597A37-93DE-445A-BD00-9F5593BEC0FD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:st:stm32l1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6CBFC4A-597C-4CFB-B84C-058E3B1E6D2D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:st:stm32l1:-:*:*:*:*:*:*:*", "matchCriteriaId": "BEDC40CE-9909-4F22-A8BD-1074C89440DA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:st:stm32f4_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C862BA8C-8B56-4326-B912-2FDF80549651", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:st:stm32f4:-:*:*:*:*:*:*:*", "matchCriteriaId": "440D2164-B326-4399-94C2-67705F0046AB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:st:stm32l4_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1D00F3B0-486C-4B40-9E10-DCFBFBC5AA98", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:st:stm32l4:-:*:*:*:*:*:*:*", "matchCriteriaId": "E10B907C-88E9-402C-96F5-8D30F06CB26C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:st:stm32f7_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5EF9C325-7B9D-45F5-9CD0-684B87A82D60", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:st:stm32f7:-:*:*:*:*:*:*:*", "matchCriteriaId": "8059CBFB-6323-4CC2-979C-1A01433C01A9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:st:stm32h7_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0C0FCD79-5A82-40AF-B221-2EF6601D92F2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:st:stm32h7:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE2F16E8-9CEC-4F15-B6E6-F5006DE30B5F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution."}, {"lang": "es", "value": "En los dispositivos STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7 y STM32H7, Proprietary Code Read Out Protection (PCROP) (un m\u00e9todo de protecci\u00f3n IP de software) puede ser superado observando los registros de la CPU y el efecto de la ejecuci\u00f3n de c\u00f3digo e instrucci\u00f3n."}], "id": "CVE-2019-14236", "lastModified": "2024-11-21T04:26:15.847", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-12T18:15:11.927", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://www.usenix.org/system/files/woot19-paper_schink.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://www.usenix.org/system/files/woot19-paper_schink.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}