Description
On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution.
References (1)
Core 1
Core References
Exploit, Mitigation, Third Party Advisory x_refsource_misc
https://www.usenix.org/system/files/woot19-paper_schink.pdf
Scores
CVSS v3
9.8
EPSS
0.0226
EPSS Percentile
80.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-863
Status
published
Products (6)
st/stm32f4_firmware
st/stm32f7_firmware
st/stm32h7_firmware
st/stm32l0_firmware
st/stm32l1_firmware
st/stm32l4_firmware
Published
Sep 12, 2019
Tracked Since
Feb 18, 2026