CVE-2021-29414 - Vulnerability Details

Description

STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect physical access control.

Published: 2021-05-21

Score: 6.1 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:st:stm32cubel4_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:st:stm32l412c8:-:::::::*
	cpe:2.3:h:st:stm32l412cb:-:::::::*
	cpe:2.3:h:st:stm32l412k8:-:::::::*
	cpe:2.3:h:st:stm32l412kb:-:::::::*
	cpe:2.3:h:st:stm32l412r8:-:::::::*
	cpe:2.3:h:st:stm32l412rb:-:::::::*
	cpe:2.3:h:st:stm32l412t8:-:::::::*
	cpe:2.3:h:st:stm32l412tb:-:::::::*
	cpe:2.3:h:st:stm32l422cb:-:::::::*
	cpe:2.3:h:st:stm32l422kb:-:::::::*
	cpe:2.3:h:st:stm32l422rb:-:::::::*
	cpe:2.3:h:st:stm32l422tb:-:::::::*
	cpe:2.3:h:st:stm32l431cb:-:::::::*
	cpe:2.3:h:st:stm32l431cc:-:::::::*
	cpe:2.3:h:st:stm32l431kb:-:::::::*
	cpe:2.3:h:st:stm32l431kc:-:::::::*
	cpe:2.3:h:st:stm32l431rb:-:::::::*
	cpe:2.3:h:st:stm32l431rc:-:::::::*
	cpe:2.3:h:st:stm32l431vc:-:::::::*
	cpe:2.3:h:st:stm32l432kb:-:::::::*
	cpe:2.3:h:st:stm32l432kc:-:::::::*
	cpe:2.3:h:st:stm32l433cb:-:::::::*
	cpe:2.3:h:st:stm32l433cc:-:::::::*
	cpe:2.3:h:st:stm32l433rb:-:::::::*
	cpe:2.3:h:st:stm32l433rc:-:::::::*
	cpe:2.3:h:st:stm32l433vc:-:::::::*
	cpe:2.3:h:st:stm32l442kc:-:::::::*
	cpe:2.3:h:st:stm32l443cc:-:::::::*
	cpe:2.3:h:st:stm32l443rc:-:::::::*
	cpe:2.3:h:st:stm32l443vc:-:::::::*
	cpe:2.3:h:st:stm32l451cc:-:::::::*
	cpe:2.3:h:st:stm32l451ce:-:::::::*
	cpe:2.3:h:st:stm32l451rc:-:::::::*
	cpe:2.3:h:st:stm32l451re:-:::::::*
	cpe:2.3:h:st:stm32l451vc:-:::::::*
	cpe:2.3:h:st:stm32l451ve:-:::::::*
	cpe:2.3:h:st:stm32l452cc:-:::::::*
	cpe:2.3:h:st:stm32l452ce:-:::::::*
	cpe:2.3:h:st:stm32l452rc:-:::::::*
	cpe:2.3:h:st:stm32l452re:-:::::::*
	cpe:2.3:h:st:stm32l452vc:-:::::::*
	cpe:2.3:h:st:stm32l452ve:-:::::::*
	cpe:2.3:h:st:stm32l462ce:-:::::::*
	cpe:2.3:h:st:stm32l462re:-:::::::*
	cpe:2.3:h:st:stm32l462ve:-:::::::*
	cpe:2.3:h:st:stm32l471qe:-:::::::*
	cpe:2.3:h:st:stm32l471qg:-:::::::*
	cpe:2.3:h:st:stm32l471re:-:::::::*
	cpe:2.3:h:st:stm32l471rg:-:::::::*
	cpe:2.3:h:st:stm32l471ve:-:::::::*
	cpe:2.3:h:st:stm32l471vg:-:::::::*
	cpe:2.3:h:st:stm32l471ze:-:::::::*
	cpe:2.3:h:st:stm32l471zg:-:::::::*
	cpe:2.3:h:st:stm32l475rc:-:::::::*
	cpe:2.3:h:st:stm32l475re:-:::::::*
	cpe:2.3:h:st:stm32l475rg:-:::::::*
	cpe:2.3:h:st:stm32l475vc:-:::::::*
	cpe:2.3:h:st:stm32l475ve:-:::::::*
	cpe:2.3:h:st:stm32l475vg:-:::::::*
	cpe:2.3:h:st:stm32l476je:-:::::::*
	cpe:2.3:h:st:stm32l476jg:-:::::::*
	cpe:2.3:h:st:stm32l476me:-:::::::*
	cpe:2.3:h:st:stm32l476mg:-:::::::*
	cpe:2.3:h:st:stm32l476qe:-:::::::*
cpe:2.3:h:st:stm32l476qg:-:::::::*
cpe:2.3:h:st:stm32l476rc:-:::::::*
cpe:2.3:h:st:stm32l476re:-:::::::*
cpe:2.3:h:st:stm32l476rg:-:::::::*
cpe:2.3:h:st:stm32l476vc:-:::::::*
cpe:2.3:h:st:stm32l476ve:-:::::::*
cpe:2.3:h:st:stm32l476vg:-:::::::*
cpe:2.3:h:st:stm32l476ze:-:::::::*
cpe:2.3:h:st:stm32l476zg:-:::::::*
cpe:2.3:h:st:stm32l486jg:-:::::::*
cpe:2.3:h:st:stm32l486qg:-:::::::*
cpe:2.3:h:st:stm32l486rg:-:::::::*
cpe:2.3:h:st:stm32l486vg:-:::::::*
cpe:2.3:h:st:stm32l486zg:-:::::::*
cpe:2.3:h:st:stm32l496ae:-:::::::*
cpe:2.3:h:st:stm32l496ag:-:::::::*
cpe:2.3:h:st:stm32l496qe:-:::::::*
cpe:2.3:h:st:stm32l496qg:-:::::::*
cpe:2.3:h:st:stm32l496re:-:::::::*
cpe:2.3:h:st:stm32l496rg:-:::::::*
cpe:2.3:h:st:stm32l496ve:-:::::::*
cpe:2.3:h:st:stm32l496vg:-:::::::*
cpe:2.3:h:st:stm32l496wg:-:::::::*
cpe:2.3:h:st:stm32l496ze:-:::::::*
cpe:2.3:h:st:stm32l496zg:-:::::::*
cpe:2.3:h:st:stm32l4a6ag:-:::::::*
cpe:2.3:h:st:stm32l4a6qg:-:::::::*
cpe:2.3:h:st:stm32l4a6rg:-:::::::*
cpe:2.3:h:st:stm32l4a6vg:-:::::::*
cpe:2.3:h:st:stm32l4a6zg:-:::::::*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2021-16049	STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect physical access control.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.0015.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://eprint.iacr.org/2021/640
https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html
https://www.sit.fraunhofer.de/en/news-events/downloads-services/cve/

History

No history.

Subscriptions

St Stm32cubel4 Firmware Stm32l412c8 Stm32l412cb Stm32l412k8 Stm32l412kb Stm32l412r8 Stm32l412rb Stm32l412t8 Stm32l412tb Stm32l422cb Stm32l422kb Stm32l422rb Stm32l422tb Stm32l431cb Stm32l431cc Stm32l431kb Stm32l431kc Stm32l431rb Stm32l431rc Stm32l431vc Stm32l432kb Stm32l432kc Stm32l433cb Stm32l433cc Stm32l433rb Stm32l433rc Stm32l433vc Stm32l442kc Stm32l443cc Stm32l443rc Stm32l443vc Stm32l451cc Stm32l451ce Stm32l451rc Stm32l451re Stm32l451vc Stm32l451ve Stm32l452cc Stm32l452ce Stm32l452rc Stm32l452re Stm32l452vc Stm32l452ve Stm32l462ce Stm32l462re Stm32l462ve Stm32l471qe Stm32l471qg Stm32l471re Stm32l471rg Stm32l471ve Stm32l471vg Stm32l471ze Stm32l471zg Stm32l475rc Stm32l475re Stm32l475rg Stm32l475vc Stm32l475ve Stm32l475vg Stm32l476je Stm32l476jg Stm32l476me Stm32l476mg Stm32l476qe Stm32l476qg Stm32l476rc Stm32l476re Stm32l476rg Stm32l476vc Stm32l476ve Stm32l476vg Stm32l476ze Stm32l476zg Stm32l486jg Stm32l486qg Stm32l486rg Stm32l486vg Stm32l486zg Stm32l496ae Stm32l496ag Stm32l496qe Stm32l496qg Stm32l496re Stm32l496rg Stm32l496ve Stm32l496vg Stm32l496wg Stm32l496ze Stm32l496zg Stm32l4a6ag Stm32l4a6qg Stm32l4a6rg Stm32l4a6vg Stm32l4a6zg

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-05-21T11:38:34.000Z

Updated: 2024-08-03T22:02:51.868Z

Reserved: 2021-03-29T00:00:00.000Z

Link: CVE-2021-29414

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-05-21T12:15:07.923

Modified: 2024-11-21T06:01:03.067

Link: CVE-2021-29414

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-74

Tracking

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object