Vulnerabilities > ST

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2021-07-22 | CVE-2021-34268 | Unspecified vulnerability in ST Stm32Cube Middleware | An issue in the USBH_ParseDevDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DoS) via a malformed USB device packet. | local, low complexity, st | 2.1 |
| 2021-05-21 | CVE-2020-27212 | Injection vulnerability in ST Stm32Cubel4 Firmware | STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. | local, st, CWE-74 | 4.4 |
| 2021-05-21 | CVE-2021-29414 | Injection vulnerability in ST Stm32Cubel4 Firmware | STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect physical access control. | local, low complexity, st, CWE-74 | 3.6 |
| 2021-01-20 | CVE-2020-20949 | Inadequate Encryption Strength vulnerability in multiple products | Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). | network, st, ietf, CWE-326 | 4.3 |
| 2020-08-31 | CVE-2020-13466 | Unspecified vulnerability in ST Stm32F103 Firmware | STMicroelectronics STM32F103 devices through 2020-05-20 allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration. | local, low complexity, st | 7.2 |
| 2020-04-06 | CVE-2020-8004 | Information Exposure vulnerability in ST Stm32F1 Firmware | STMicroelectronics STM32F1 devices have Incorrect Access Control. | network, low complexity, st, CWE-200 | 5.0 |
| 2020-02-12 | CVE-2019-19192 | Improper Input Validation vulnerability in ST Bluenrg-2 and Wb55 | The Bluetooth Low Energy implementation on STMicroelectronics BLE Stack through 1.3.1 for STM32WB5x devices does not properly handle consecutive Attribute Protocol (ATT) requests on reception, allowing attackers in radio range to cause an event deadlock or crash via crafted packets. | low complexity, st, CWE-20 | 3.3 |
| 2019-11-14 | CVE-2019-16863 | Information Exposure Through Discrepancy vulnerability in ST products | STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL. | network, high complexity, st, CWE-203 | 5.9 |
| 2019-09-24 | CVE-2019-14238 | Improper Authentication vulnerability in ST products | On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus. | local, low complexity, st, CWE-287 | 4.6 |
| 2019-09-12 | CVE-2019-14236 | Incorrect Authorization vulnerability in ST products | On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution. | network, low complexity, st, CWE-863 | 7.5 |