Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.00066Percentile:
0.20764
CVSS Scoring
CVSS v3.1 Score: 4.6
Severity: MEDIUM
Mapped CWE(s)
CWE-362
: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
All CAPEC(s)
CAPEC-26 : Leveraging Race Conditions
CAPEC-29 : Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC(s) with Mapped TTPs
Mapped ATT&CK TTPs
Affected Products
cpe:2.3:o:st:stm32f071rb_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f071v8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f071vb_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f072c8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f072cb_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f072r8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f072rb_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f072v8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f072vb_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f078cb_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f078rb_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f078vb_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f091cb_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f091cc_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f091rb_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f091rc_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f091vb_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f091vc_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f098cc_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f098rc_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f098vc_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f070c6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f070cb_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f070f6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f070rb_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f071c8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f071cb_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f051t8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f058c8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f058r8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f058t8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f070c6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f051k4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f051k6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f051k8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f051r4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f051r6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f051r8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f042t6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f048c6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f048g6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f048t6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f051c4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f051c6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f051c8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f042f4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f042f6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f042g4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f042g6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f042k4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f042k6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f038c6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f038e6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f038f6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f038g6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f038k6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f042c4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f042c6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f031e6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f031f4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f031f6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f031g4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f031g6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f031k4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f030f4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f030k6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f030r8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f030rc_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f031c4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f031c6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f030c6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f030c8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:st:stm32f030cc_firmware:-:*:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me