CVE-2019-14238
First published: Tue Sep 24 2019(Updated: )
On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| St Stm32l0 Firmware | ||
| St Stm32l0 | ||
| St Stm32l1 Firmware | ||
| St Stm32l1 | ||
| St Stm32f4 Firmware | ||
| St Stm32f4 | ||
| St Stm32l4 Firmware | ||
| St Stm32l4 | ||
| St Stm32f7 Firmware | ||
| St Stm32f7 | ||
| St Stm32h7 Firmware | ||
| St Stm32h7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-14238.
What is the severity of CVE-2019-14238?
The severity of CVE-2019-14238 is medium.
How can Proprietary Code Read Out Protection (PCROP) be defeated on STMicroelectronics STM32F7 devices?
Proprietary Code Read Out Protection (PCROP) on STMicroelectronics STM32F7 devices can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus.
What is the affected software for CVE-2019-14238?
The affected software for CVE-2019-14238 includes STMicroelectronics STM32L0 Firmware, STMicroelectronics STM32L1 Firmware, STMicroelectronics STM32F4 Firmware, STMicroelectronics STM32L4 Firmware, STMicroelectronics STM32F7 Firmware, and STMicroelectronics STM32H7 Firmware.
Are STMicroelectronics STM32L0, STM32L1, STM32F4, STM32L4, STM32F7, and STM32H7 vulnerable to CVE-2019-14238?
No, STMicroelectronics STM32L0, STM32L1, STM32F4, STM32L4, STM32F7, and STM32H7 are not vulnerable to CVE-2019-14238.
Is there any reference material for CVE-2019-14238?
Yes, you can refer to the following links for more information on CVE-2019-14238: [Whitepaper 1](https://www.usenix.org/conference/woot19/presentation/schink) and [Whitepaper 2](https://www.usenix.org/system/files/woot19-paper_schink.pdf).
What is the Common Weakness Enumeration (CWE) for CVE-2019-14238?
The Common Weakness Enumeration (CWE) for CVE-2019-14238 is CWE-287.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/st
- canonical/st stm32l0 firmware
- canonical/st stm32l0
- canonical/st stm32l1 firmware
- canonical/st stm32l1
- canonical/st stm32f4 firmware
- canonical/st stm32f4
- canonical/st stm32l4 firmware
- canonical/st stm32l4
- canonical/st stm32f7 firmware
- canonical/st stm32f7
- canonical/st stm32h7 firmware
- canonical/st stm32h7