Vulnerabilities > ST > Medium

DATE        CVE             RISK  VULNERABILITY TITLE

2021-01-20  CVE-2020-20949  5.9   Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
    Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924).
    network, high complexity; st, ietf; CWE-327

2020-08-31  CVE-2020-13466  6.8   Unspecified vulnerability in ST Stm32F103 Firmware 20200520
    STMicroelectronics STM32F103 devices through 2020-05-20 allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration.
    low complexity; st

2020-02-12  CVE-2019-19192  6.5   Improper Input Validation vulnerability in ST Bluenrg-2 and Wb55
    The Bluetooth Low Energy implementation on STMicroelectronics BLE Stack through 1.3.1 for STM32WB5x devices does not properly handle consecutive Attribute Protocol (ATT) requests on reception, allowing attackers in radio range to cause an event deadlock or crash via crafted packets.
    low complexity; st; CWE-20

2019-11-14  CVE-2019-16863  5.9   Information Exposure Through Discrepancy vulnerability in ST products
    STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.
    network, high complexity; st; CWE-203

2019-09-24  CVE-2019-14238  6.6   Improper Authentication vulnerability in ST products
    On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus.
    low complexity; st; CWE-287

2018-09-12  CVE-2017-18347  4.6   Race Condition vulnerability in ST products
    Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection.
    low complexity; st; CWE-362