{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-24T18:00:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.usenix.org/system/files/woot19-paper_schink.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://www.usenix.org/conference/woot19/presentation/schink"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14238", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.usenix.org/system/files/woot19-paper_schink.pdf", "refsource": "MISC", "url": "https://www.usenix.org/system/files/woot19-paper_schink.pdf"}, {"name": "https://www.usenix.org/conference/woot19/presentation/schink", "refsource": "MISC", "url": "https://www.usenix.org/conference/woot19/presentation/schink"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14238", "datePublished": "2019-09-24T18:00:20", "dateReserved": "2019-07-22T00:00:00", "dateUpdated": "2019-09-24T18:00:20", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:st:stm32l0_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E8173AA-028B-44C2-81C0-B216289CFFC1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:st:stm32l0:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB597A37-93DE-445A-BD00-9F5593BEC0FD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:st:stm32l1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6CBFC4A-597C-4CFB-B84C-058E3B1E6D2D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:st:stm32l1:-:*:*:*:*:*:*:*", "matchCriteriaId": "BEDC40CE-9909-4F22-A8BD-1074C89440DA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:st:stm32f4_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C862BA8C-8B56-4326-B912-2FDF80549651", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:st:stm32f4:-:*:*:*:*:*:*:*", "matchCriteriaId": "440D2164-B326-4399-94C2-67705F0046AB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:st:stm32l4_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1D00F3B0-486C-4B40-9E10-DCFBFBC5AA98", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:st:stm32l4:-:*:*:*:*:*:*:*", "matchCriteriaId": "E10B907C-88E9-402C-96F5-8D30F06CB26C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:st:stm32f7_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5EF9C325-7B9D-45F5-9CD0-684B87A82D60", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:st:stm32f7:-:*:*:*:*:*:*:*", "matchCriteriaId": "8059CBFB-6323-4CC2-979C-1A01433C01A9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:st:stm32h7_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0C0FCD79-5A82-40AF-B221-2EF6601D92F2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:st:stm32h7:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE2F16E8-9CEC-4F15-B6E6-F5006DE30B5F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus."}, {"lang": "es", "value": "En los dispositivos STMicroelectronics STM32F7, la Proprietary Code Read Out Protection (PCROP) (un m\u00e9todo de protecci\u00f3n IP de software) puede ser superada con una sonda de depuraci\u00f3n por medio del bus Instruction Tightly Coupled Memory (ITCM)."}], "id": "CVE-2019-14238", "lastModified": "2019-09-25T13:32:08.987", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-24T18:15:10.797", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.usenix.org/conference/woot19/presentation/schink"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://www.usenix.org/system/files/woot19-paper_schink.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}