Vulnerability Details CVE-2020-27212
STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. The flash read-out protection (RDP) can be degraded from RDP level 2 (no access via debug interface) to level 1 (limited access via debug interface) by injecting a fault during the boot phase.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.5%
CVSS Severity
CVSS v3 Score 7.0
CVSS v2 Score 4.4
References
- https://eprint.iacr.org/2021/640
- https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html
- https://www.aisec.fraunhofer.de/en/FirmwareProtection.html
- https://eprint.iacr.org/2021/640
- https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html
- https://www.aisec.fraunhofer.de/en/FirmwareProtection.html
Products affected by CVE-2020-27212
-
cpe:2.3:h:st:stm32l412c8:-
-
cpe:2.3:h:st:stm32l412cb:-
-
cpe:2.3:h:st:stm32l412k8:-
-
cpe:2.3:h:st:stm32l412kb:-
-
cpe:2.3:h:st:stm32l412r8:-
-
cpe:2.3:h:st:stm32l412rb:-
-
cpe:2.3:h:st:stm32l412t8:-
-
cpe:2.3:h:st:stm32l412tb:-
-
cpe:2.3:h:st:stm32l422cb:-
-
cpe:2.3:h:st:stm32l422kb:-
-
cpe:2.3:h:st:stm32l422rb:-
-
cpe:2.3:h:st:stm32l422tb:-
-
cpe:2.3:h:st:stm32l431cb:-
-
cpe:2.3:h:st:stm32l431cc:-
-
cpe:2.3:h:st:stm32l431kb:-
-
cpe:2.3:h:st:stm32l431kc:-
-
cpe:2.3:h:st:stm32l431rb:-
-
cpe:2.3:h:st:stm32l431rc:-
-
cpe:2.3:h:st:stm32l431vc:-
-
cpe:2.3:h:st:stm32l432kb:-
-
cpe:2.3:h:st:stm32l432kc:-
-
cpe:2.3:h:st:stm32l433cb:-
-
cpe:2.3:h:st:stm32l433cc:-
-
cpe:2.3:h:st:stm32l433rb:-
-
cpe:2.3:h:st:stm32l433rc:-
-
cpe:2.3:h:st:stm32l433vc:-
-
cpe:2.3:h:st:stm32l442kc:-
-
cpe:2.3:h:st:stm32l443cc:-
-
cpe:2.3:h:st:stm32l443rc:-
-
cpe:2.3:h:st:stm32l443vc:-
-
cpe:2.3:h:st:stm32l451cc:-
-
cpe:2.3:h:st:stm32l451ce:-
-
cpe:2.3:h:st:stm32l451rc:-
-
cpe:2.3:h:st:stm32l451re:-
-
cpe:2.3:h:st:stm32l451vc:-
-
cpe:2.3:h:st:stm32l451ve:-
-
cpe:2.3:h:st:stm32l452cc:-
-
cpe:2.3:h:st:stm32l452ce:-
-
cpe:2.3:h:st:stm32l452rc:-
-
cpe:2.3:h:st:stm32l452re:-
-
cpe:2.3:h:st:stm32l452vc:-
-
cpe:2.3:h:st:stm32l452ve:-
-
cpe:2.3:h:st:stm32l462ce:-
-
cpe:2.3:h:st:stm32l462re:-
-
cpe:2.3:h:st:stm32l462ve:-
-
cpe:2.3:h:st:stm32l471qe:-
-
cpe:2.3:h:st:stm32l471qg:-
-
cpe:2.3:h:st:stm32l471re:-
-
cpe:2.3:h:st:stm32l471rg:-
-
cpe:2.3:h:st:stm32l471ve:-
-
cpe:2.3:h:st:stm32l471vg:-
-
cpe:2.3:h:st:stm32l471ze:-
-
cpe:2.3:h:st:stm32l471zg:-
-
cpe:2.3:h:st:stm32l475rc:-
-
cpe:2.3:h:st:stm32l475re:-
-
cpe:2.3:h:st:stm32l475rg:-
-
cpe:2.3:h:st:stm32l475vc:-
-
cpe:2.3:h:st:stm32l475ve:-
-
cpe:2.3:h:st:stm32l475vg:-
-
cpe:2.3:h:st:stm32l476je:-
-
cpe:2.3:h:st:stm32l476jg:-
-
cpe:2.3:h:st:stm32l476me:-
-
cpe:2.3:h:st:stm32l476mg:-
-
cpe:2.3:h:st:stm32l476qe:-
-
cpe:2.3:h:st:stm32l476qg:-
-
cpe:2.3:h:st:stm32l476rc:-
-
cpe:2.3:h:st:stm32l476re:-
-
cpe:2.3:h:st:stm32l476rg:-
-
cpe:2.3:h:st:stm32l476vc:-
-
cpe:2.3:h:st:stm32l476ve:-
-
cpe:2.3:h:st:stm32l476vg:-
-
cpe:2.3:h:st:stm32l476ze:-
-
cpe:2.3:h:st:stm32l476zg:-
-
cpe:2.3:h:st:stm32l486jg:-
-
cpe:2.3:h:st:stm32l486qg:-
-
cpe:2.3:h:st:stm32l486rg:-
-
cpe:2.3:h:st:stm32l486vg:-
-
cpe:2.3:h:st:stm32l486zg:-
-
cpe:2.3:h:st:stm32l496ae:-
-
cpe:2.3:h:st:stm32l496ag:-
-
cpe:2.3:h:st:stm32l496qe:-
-
cpe:2.3:h:st:stm32l496qg:-
-
cpe:2.3:h:st:stm32l496re:-
-
cpe:2.3:h:st:stm32l496rg:-
-
cpe:2.3:h:st:stm32l496ve:-
-
cpe:2.3:h:st:stm32l496vg:-
-
cpe:2.3:h:st:stm32l496wg:-
-
cpe:2.3:h:st:stm32l496ze:-
-
cpe:2.3:h:st:stm32l496zg:-
-
cpe:2.3:h:st:stm32l4a6ag:-
-
cpe:2.3:h:st:stm32l4a6qg:-
-
cpe:2.3:h:st:stm32l4a6rg:-
-
cpe:2.3:h:st:stm32l4a6vg:-
-
cpe:2.3:h:st:stm32l4a6zg:-
-
cpe:2.3:o:st:stm32cubel4_firmware:-
-
cpe:2.3:o:st:stm32cubel4_firmware:1.14.0
-
cpe:2.3:o:st:stm32cubel4_firmware:1.15.0
-
cpe:2.3:o:st:stm32cubel4_firmware:1.15.1
-
cpe:2.3:o:st:stm32cubel4_firmware:1.16.0