OpenCVE

STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. The flash read-out protection (RDP) can be degraded from RDP level 2 (no access via debug interface) to level 1 (limited access via debug interface) by injecting a fault during the boot phase.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
St	Stm32cubel4 Firmware Stm32l412c8 Stm32l412cb Stm32l412k8 Stm32l412kb Stm32l412r8 Stm32l412rb Stm32l412t8 Stm32l412tb Stm32l422cb Stm32l422kb Stm32l422rb Stm32l422tb Stm32l431cb Stm32l431cc Stm32l431kb Stm32l431kc Stm32l431rb Stm32l431rc Stm32l431vc Stm32l432kb Stm32l432kc Stm32l433cb Stm32l433cc Stm32l433rb Stm32l433rc Stm32l433vc Stm32l442kc Stm32l443cc Stm32l443rc Stm32l443vc Stm32l451cc Stm32l451ce Stm32l451rc Stm32l451re Stm32l451vc Stm32l451ve Stm32l452cc Stm32l452ce Stm32l452rc Stm32l452re Stm32l452vc Stm32l452ve Stm32l462ce Stm32l462re Stm32l462ve Stm32l471qe Stm32l471qg Stm32l471re Stm32l471rg Stm32l471ve Stm32l471vg Stm32l471ze Stm32l471zg Stm32l475rc Stm32l475re Stm32l475rg Stm32l475vc Stm32l475ve Stm32l475vg Stm32l476je Stm32l476jg Stm32l476me Stm32l476mg Stm32l476qe Stm32l476qg Stm32l476rc Stm32l476re Stm32l476rg Stm32l476vc Stm32l476ve Stm32l476vg Stm32l476ze Stm32l476zg Stm32l486jg Stm32l486qg Stm32l486rg Stm32l486vg Stm32l486zg Stm32l496ae Stm32l496ag Stm32l496qe Stm32l496qg Stm32l496re Stm32l496rg Stm32l496ve Stm32l496vg Stm32l496wg Stm32l496ze Stm32l496zg Stm32l4a6ag Stm32l4a6qg Stm32l4a6rg Stm32l4a6vg Stm32l4a6zg

Configuration 1 [-]

AND

OR	cpe:2.3:h:st:stm32l412c8:-:::::::*
	cpe:2.3:h:st:stm32l412cb:-:::::::*
	cpe:2.3:h:st:stm32l412k8:-:::::::*
	cpe:2.3:h:st:stm32l412kb:-:::::::*
	cpe:2.3:h:st:stm32l412r8:-:::::::*
	cpe:2.3:h:st:stm32l412rb:-:::::::*
	cpe:2.3:h:st:stm32l412t8:-:::::::*
	cpe:2.3:h:st:stm32l412tb:-:::::::*
	cpe:2.3:h:st:stm32l422cb:-:::::::*
	cpe:2.3:h:st:stm32l422kb:-:::::::*
	cpe:2.3:h:st:stm32l422rb:-:::::::*
	cpe:2.3:h:st:stm32l422tb:-:::::::*
	cpe:2.3:h:st:stm32l431cb:-:::::::*
	cpe:2.3:h:st:stm32l431cc:-:::::::*
	cpe:2.3:h:st:stm32l431kb:-:::::::*
	cpe:2.3:h:st:stm32l431kc:-:::::::*
	cpe:2.3:h:st:stm32l431rb:-:::::::*
	cpe:2.3:h:st:stm32l431rc:-:::::::*
	cpe:2.3:h:st:stm32l431vc:-:::::::*
	cpe:2.3:h:st:stm32l432kb:-:::::::*
	cpe:2.3:h:st:stm32l432kc:-:::::::*
	cpe:2.3:h:st:stm32l433cb:-:::::::*
	cpe:2.3:h:st:stm32l433cc:-:::::::*
	cpe:2.3:h:st:stm32l433rb:-:::::::*
	cpe:2.3:h:st:stm32l433rc:-:::::::*
	cpe:2.3:h:st:stm32l433vc:-:::::::*
	cpe:2.3:h:st:stm32l442kc:-:::::::*
	cpe:2.3:h:st:stm32l443cc:-:::::::*
	cpe:2.3:h:st:stm32l443rc:-:::::::*
	cpe:2.3:h:st:stm32l443vc:-:::::::*
	cpe:2.3:h:st:stm32l451cc:-:::::::*
	cpe:2.3:h:st:stm32l451ce:-:::::::*
	cpe:2.3:h:st:stm32l451rc:-:::::::*
	cpe:2.3:h:st:stm32l451re:-:::::::*
	cpe:2.3:h:st:stm32l451vc:-:::::::*
	cpe:2.3:h:st:stm32l451ve:-:::::::*
	cpe:2.3:h:st:stm32l452cc:-:::::::*
	cpe:2.3:h:st:stm32l452ce:-:::::::*
	cpe:2.3:h:st:stm32l452rc:-:::::::*
	cpe:2.3:h:st:stm32l452re:-:::::::*
	cpe:2.3:h:st:stm32l452vc:-:::::::*
	cpe:2.3:h:st:stm32l452ve:-:::::::*
	cpe:2.3:h:st:stm32l462ce:-:::::::*
	cpe:2.3:h:st:stm32l462re:-:::::::*
	cpe:2.3:h:st:stm32l462ve:-:::::::*
	cpe:2.3:h:st:stm32l471qe:-:::::::*
	cpe:2.3:h:st:stm32l471qg:-:::::::*
	cpe:2.3:h:st:stm32l471re:-:::::::*
	cpe:2.3:h:st:stm32l471rg:-:::::::*
	cpe:2.3:h:st:stm32l471ve:-:::::::*
	cpe:2.3:h:st:stm32l471vg:-:::::::*
	cpe:2.3:h:st:stm32l471ze:-:::::::*
	cpe:2.3:h:st:stm32l471zg:-:::::::*
	cpe:2.3:h:st:stm32l475rc:-:::::::*
	cpe:2.3:h:st:stm32l475re:-:::::::*
	cpe:2.3:h:st:stm32l475rg:-:::::::*
	cpe:2.3:h:st:stm32l475vc:-:::::::*
	cpe:2.3:h:st:stm32l475ve:-:::::::*
	cpe:2.3:h:st:stm32l475vg:-:::::::*
	cpe:2.3:h:st:stm32l476je:-:::::::*
	cpe:2.3:h:st:stm32l476jg:-:::::::*
	cpe:2.3:h:st:stm32l476me:-:::::::*
	cpe:2.3:h:st:stm32l476mg:-:::::::*
	cpe:2.3:h:st:stm32l476qe:-:::::::*
cpe:2.3:h:st:stm32l476qg:-:::::::*
cpe:2.3:h:st:stm32l476rc:-:::::::*
cpe:2.3:h:st:stm32l476re:-:::::::*
cpe:2.3:h:st:stm32l476rg:-:::::::*
cpe:2.3:h:st:stm32l476vc:-:::::::*
cpe:2.3:h:st:stm32l476ve:-:::::::*
cpe:2.3:h:st:stm32l476vg:-:::::::*
cpe:2.3:h:st:stm32l476ze:-:::::::*
cpe:2.3:h:st:stm32l476zg:-:::::::*
cpe:2.3:h:st:stm32l486jg:-:::::::*
cpe:2.3:h:st:stm32l486qg:-:::::::*
cpe:2.3:h:st:stm32l486rg:-:::::::*
cpe:2.3:h:st:stm32l486vg:-:::::::*
cpe:2.3:h:st:stm32l486zg:-:::::::*
cpe:2.3:h:st:stm32l496ae:-:::::::*
cpe:2.3:h:st:stm32l496ag:-:::::::*
cpe:2.3:h:st:stm32l496qe:-:::::::*
cpe:2.3:h:st:stm32l496qg:-:::::::*
cpe:2.3:h:st:stm32l496re:-:::::::*
cpe:2.3:h:st:stm32l496rg:-:::::::*
cpe:2.3:h:st:stm32l496ve:-:::::::*
cpe:2.3:h:st:stm32l496vg:-:::::::*
cpe:2.3:h:st:stm32l496wg:-:::::::*
cpe:2.3:h:st:stm32l496ze:-:::::::*
cpe:2.3:h:st:stm32l496zg:-:::::::*
cpe:2.3:h:st:stm32l4a6ag:-:::::::*
cpe:2.3:h:st:stm32l4a6qg:-:::::::*
cpe:2.3:h:st:stm32l4a6rg:-:::::::*
cpe:2.3:h:st:stm32l4a6vg:-:::::::*
cpe:2.3:h:st:stm32l4a6zg:-:::::::*

cpe:2.3:o:st:stm32cubel4_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://eprint.iacr.org/2021/640
https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html
https://www.aisec.fraunhofer.de/en/FirmwareProtection.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-05-21T11:48:27

Updated: 2024-08-04T16:11:35.939Z

Reserved: 2020-10-19T00:00:00

Link: CVE-2020-27212

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-05-21T12:15:07.730

Modified: 2021-06-08T19:17:26.110

Link: CVE-2020-27212

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object