1. Home
  2. CVE Database
  3. CVE-2020-27212
HIGH · 7.0

CVE-2020-27212

STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. The flash read-out protection (RDP) can be degraded from RDP level 2 (no access via debug interface) to level 1 (li...

Vulnerability Description

STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. The flash read-out protection (RDP) can be degraded from RDP level 2 (no access via debug interface) to level 1 (limited access via debug interface) by injecting a fault during the boot phase.

CVSS Score

7.0

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
StStm32Cubel4 Firmware<= 1.16.0
StStm32L412C8-
StStm32L412Cb-
StStm32L412K8-
StStm32L412Kb-
StStm32L412R8-
StStm32L412Rb-
StStm32L412T8-
StStm32L412Tb-
StStm32L422Cb-
StStm32L422Kb-
StStm32L422Rb-
StStm32L422Tb-
StStm32L431Cb-
StStm32L431Cc-
StStm32L431Kb-
StStm32L431Kc-
StStm32L431Rb-
StStm32L431Rc-
StStm32L431Vc-

Related Weaknesses (CWE)

CWE-74

References

FAQ

What is CVE-2020-27212?

CVE-2020-27212 is a vulnerability with a CVSS score of 7.0 (HIGH). STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. The flash read-out protection (RDP) can be degraded from RDP level 2 (no access via debug interface) to level 1 (li...

How severe is CVE-2020-27212?

CVE-2020-27212 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-27212?

Check the references section above for vendor advisories and patch information. Affected products include: St Stm32Cubel4 Firmware, St Stm32L412C8, St Stm32L412Cb, St Stm32L412K8, St Stm32L412Kb.