PT-2019-13551 · Stmicroelectronics · Stm32H7+5

Published: 2019-09-12 · Updated: 2019-09-16 · CVE-2019-14236

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

STMicroelectronics STM32L0 version (affected versions not specified)
STMicroelectronics STM32L1 version (affected versions not specified)
STMicroelectronics STM32L4 version (affected versions not specified)
STMicroelectronics STM32F4 version (affected versions not specified)
STMicroelectronics STM32F7 version (affected versions not specified)
STMicroelectronics STM32H7 version (affected versions not specified)

Description

The issue concerns the Proprietary Code Read Out Protection (PCROP) method, which is a software IP protection technique. It can be bypassed by monitoring CPU registers and analyzing the effects of code or instruction execution.

Recommendations

For STMicroelectronics STM32L0, consider implementing additional security measures to protect against PCROP bypass.
For STMicroelectronics STM32L1, restrict access to sensitive areas of the device to minimize the risk of exploitation.
For STMicroelectronics STM32L4, apply configuration changes to enhance the security of the PCROP method.
For STMicroelectronics STM32F4, disable any unnecessary features that may be exploited to bypass PCROP.
For STMicroelectronics STM32F7, use secure coding practices to prevent exploitation of the PCROP bypass.
For STMicroelectronics STM32H7, avoid using the device for sensitive applications until a fix is available.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2019-14236

Affected Products

Stm32F4
Stm32F7
Stm32H7
Stm32L0
Stm32L1
Stm32L4