CVE-2017-18347


Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection.


Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 4.6. Attack complexity is relatively low, and exploitation requires neither user interaction nor pre-existing privileges. The impact is on confidentiality (data exposure). The issue affects 144 products from st; organizations running them should prioritize assessment and patching.

Historical Context

First disclosed in 2018, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.


Published: 2018-09-12T15:29:00.233

Last Modified: 2024-11-21T03:19:53.833

Status: Modified

Source: [email protected]

Severity: CVSSv3.1 4.6 (MEDIUM)

CVSSv2 Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: NONE
  • Availability Impact: NONE

Exploitability Score: 3.9

Impact Score: 6.9

Weaknesses
  • Primary: CWE-362

Affected Vendors & Products
Type              Vendor  Product               Version/Range  Vulnerable?
Operating System  st      stm32f071rb_firmware  -              Yes
Hardware          st      stm32f071rb           -              No
Operating System  st      stm32f071v8_firmware  -              Yes
Hardware          st      stm32f071v8           -              No
Operating System  st      stm32f071vb_firmware  -              Yes
Hardware          st      stm32f071vb           -              No
Operating System  st      stm32f072c8_firmware  -              Yes
Hardware          st      stm32f072c8           -              No
Operating System  st      stm32f072cb_firmware  -              Yes
Hardware          st      stm32f072cb           -              No
Operating System  st      stm32f072r8_firmware  -              Yes
Hardware          st      stm32f072r8           -              No
Operating System  st      stm32f072rb_firmware  -              Yes
Hardware          st      stm32f072rb           -              No
Operating System  st      stm32f072v8_firmware  -              Yes
Hardware          st      stm32f072v8           -              No
Operating System  st      stm32f072vb_firmware  -              Yes
Hardware          st      stm32f072vb           -              No
Operating System  st      stm32f078cb_firmware  -              Yes
Hardware          st      stm32f078cb           -              No
Operating System  st      stm32f078rb_firmware  -              Yes
Hardware          st      stm32f078rb           -              No
Operating System  st      stm32f078vb_firmware  -              Yes
Hardware          st      stm32f078vb           -              No
Operating System  st      stm32f091cb_firmware  -              Yes
Hardware          st      stm32f091cb           -              No
Operating System  st      stm32f091cc_firmware  -              Yes
Hardware          st      stm32f091cc           -              No
Operating System  st      stm32f091rb_firmware  -              Yes
Hardware          st      stm32f091rb           -              No
Operating System  st      stm32f091rc_firmware  -              Yes
Hardware          st      stm32f091rc           -              No
Operating System  st      stm32f091vb_firmware  -              Yes
Hardware          st      stm32f091vb           -              No
Operating System  st      stm32f091vc_firmware  -              Yes
Hardware          st      stm32f091vc           -              No
Operating System  st      stm32f098cc_firmware  -              Yes
Hardware          st      stm32f098cc           -              No
Operating System  st      stm32f098rc_firmware  -              Yes
Hardware          st      stm32f098rc           -              No
Operating System  st      stm32f098vc_firmware  -              Yes
Hardware          st      stm32f098vc           -              No
Operating System  st      stm32f070c6_firmware  -              Yes
Hardware          st      stm32f070c6           -              No
Operating System  st      stm32f070cb_firmware  -              Yes
Hardware          st      stm32f070cb           -              No
Operating System  st      stm32f070f6_firmware  -              Yes
Hardware          st      stm32f070f6           -              No
Operating System  st      stm32f070rb_firmware  -              Yes
Hardware          st      stm32f070rb           -              No
Operating System  st      stm32f071c8_firmware  -              Yes
Hardware          st      stm32f071c8           -              No
Operating System  st      stm32f071cb_firmware  -              Yes
Hardware          st      stm32f071cb           -              No
Operating System  st      stm32f051t8_firmware  -              Yes
Hardware          st      stm32f051t8           -              No
Operating System  st      stm32f058c8_firmware  -              Yes
Hardware          st      stm32f058c8           -              No
Operating System  st      stm32f058r8_firmware  -              Yes
Hardware          st      stm32f058r8           -              No
Operating System  st      stm32f058t8_firmware  -              Yes
Hardware          st      stm32f058t8           -              No
Operating System  st      stm32f051k4_firmware  -              Yes
Hardware          st      stm32f051k4           -              No
Operating System  st      stm32f051k6_firmware  -              Yes
Hardware          st      stm32f051k6           -              No
Operating System  st      stm32f051k8_firmware  -              Yes
Hardware          st      stm32f051k8           -              No
Operating System  st      stm32f051r4_firmware  -              Yes
Hardware          st      stm32f051r4           -              No
Operating System  st      stm32f051r6_firmware  -              Yes
Hardware          st      stm32f051r6           -              No
Operating System  st      stm32f051r8_firmware  -              Yes
Hardware          st      stm32f051r8           -              No
Operating System  st      stm32f042t6_firmware  -              Yes
Hardware          st      stm32f042t6           -              No
Operating System  st      stm32f048c6_firmware  -              Yes
Hardware          st      stm32f048c6           -              No
Operating System  st      stm32f048g6_firmware  -              Yes
Hardware          st      stm32f048g6           -              No
Operating System  st      stm32f048t6_firmware  -              Yes
Hardware          st      stm32f048t6           -              No
Operating System  st      stm32f051c4_firmware  -              Yes
Hardware          st      stm32f051c4           -              No
Operating System  st      stm32f051c6_firmware  -              Yes
Hardware          st      stm32f051c6           -              No
Operating System  st      stm32f051c8_firmware  -              Yes
Hardware          st      stm32f051c8           -              No
Operating System  st      stm32f042f4_firmware  -              Yes
Hardware          st      stm32f042f4           -              No
Operating System  st      stm32f042f6_firmware  -              Yes
Hardware          st      stm32f042f6           -              No
Operating System  st      stm32f042g4_firmware  -              Yes
Hardware          st      stm32f042g4           -              No
Operating System  st      stm32f042g6_firmware  -              Yes
Hardware          st      stm32f042g6           -              No
Operating System  st      stm32f042k4_firmware  -              Yes
Hardware          st      stm32f042k4           -              No
Operating System  st      stm32f042k6_firmware  -              Yes
Hardware          st      stm32f042k6           -              No
Operating System  st      stm32f038c6_firmware  -              Yes
Hardware          st      stm32f038c6           -              No
Operating System  st      stm32f038e6_firmware  -              Yes
Hardware          st      stm32f038e6           -              No
Operating System  st      stm32f038f6_firmware  -              Yes
Hardware          st      stm32f038f6           -              No
Operating System  st      stm32f038g6_firmware  -              Yes
Hardware          st      stm32f038g6           -              No
Operating System  st      stm32f038k6_firmware  -              Yes
Hardware          st      stm32f038k6           -              No
Operating System  st      stm32f042c4_firmware  -              Yes
Hardware          st      stm32f042c4           -              No
Operating System  st      stm32f042c6_firmware  -              Yes
Hardware          st      stm32f042c6           -              No
Operating System  st      stm32f031e6_firmware  -              Yes
Hardware          st      stm32f031e6           -              No
Operating System  st      stm32f031f4_firmware  -              Yes
Hardware          st      stm32f031f4           -              No
Operating System  st      stm32f031f6_firmware  -              Yes
Hardware          st      stm32f031f6           -              No
Operating System  st      stm32f031g4_firmware  -              Yes
Hardware          st      stm32f031g4           -              No
Operating System  st      stm32f031g6_firmware  -              Yes
Hardware          st      stm32f031g6           -              No
Operating System  st      stm32f031k4_firmware  -              Yes
Hardware          st      stm32f031k4           -              No
Operating System  st      stm32f030f4_firmware  -              Yes
Hardware          st      stm32f030f4           -              No
Operating System  st      stm32f030k6_firmware  -              Yes
Hardware          st      stm32f030k6           -              No
Operating System  st      stm32f030r8_firmware  -              Yes
Hardware          st      stm32f030r8           -              No
Operating System  st      stm32f030rc_firmware  -              Yes
Hardware          st      stm32f030rc           -              No
Operating System  st      stm32f031c4_firmware  -              Yes
Hardware          st      stm32f031c4           -              No
Operating System  st      stm32f031c6_firmware  -              Yes
Hardware          st      stm32f031c6           -              No
Operating System  st      stm32f030c6_firmware  -              Yes
Hardware          st      stm32f030c6           -              No
Operating System  st      stm32f030c8_firmware  -              Yes
Hardware          st      stm32f030c8           -              No
Operating System  st      stm32f030cc_firmware  -              Yes
Hardware          st      stm32f030cc           -              No

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For st's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.