CVE-2017-18347
MEDIUMSTM32F0 Series Firmware - Unauthenticated Firmware Extraction via SWD Race Condition
Title source: llmDescription
Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
https://community.st.com/s/question/0D50X00009Xke7aSAB/readout-protection-cracked-on-stm32
Exploit, Third Party Advisory x_refsource_misc
https://www.usenix.org/conference/woot17/workshop-program/presentation/obermaier
Exploit, Third Party Advisory x_refsource_misc
https://www.aisec.fraunhofer.de/en/FirmwareProtection.html
Scores
CVSS v3
4.6
EPSS
0.0040
EPSS Percentile
31.7%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-362
Status
published
Products (50)
st/stm32f030c6_firmware
st/stm32f030c8_firmware
st/stm32f030cc_firmware
st/stm32f030f4_firmware
st/stm32f030k6_firmware
st/stm32f030r8_firmware
st/stm32f030rc_firmware
st/stm32f031c4_firmware
st/stm32f031c6_firmware
st/stm32f031e6_firmware
... and 40 more
Published
Sep 12, 2018
Tracked Since
Feb 18, 2026