MidnightBSD

Advisories for st

CVE-2003-0392 MEDIUM

Directory traversal vulnerability in ST FTP Service 3.0 allows remote attackers to list arbitrary directories via a CD command with a DoS drive letter argument (e.g. E:).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
st ftp_service 3.0
CVE-2017-18347 MEDIUM

Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 0.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
st stm32f051c4_firmware -
st stm32f098vc_firmware -
st stm32f038f6_firmware -
st stm32f078rb_firmware -
st stm32f071cb_firmware -
st stm32f042k4_firmware -
st stm32f030r8_firmware -
st stm32f071rb_firmware -
st stm32f042g4_firmware -
st stm32f031g4_firmware -
st stm32f030k6_firmware -
st stm32f030f4_firmware -
st stm32f098rc_firmware -
st stm32f042f6_firmware -
st stm32f070f6_firmware -
st stm32f071v8_firmware -
st stm32f031c4_firmware -
st stm32f098cc_firmware -
st stm32f091vb_firmware -
st stm32f051c8_firmware -
st stm32f042c6_firmware -
st stm32f058r8_firmware -
st stm32f051k4_firmware -
st stm32f072c8_firmware -
st stm32f071c8_firmware -
st stm32f072v8_firmware -
st stm32f072vb_firmware -
st stm32f058t8_firmware -
st stm32f071vb_firmware -
st stm32f048c6_firmware -
st stm32f070c6_firmware -
st stm32f078vb_firmware -
st stm32f031c6_firmware -
st stm32f051t8_firmware -
st stm32f042t6_firmware -
st stm32f038e6_firmware -
st stm32f038g6_firmware -
st stm32f031f4_firmware -
st stm32f091rb_firmware -
st stm32f031e6_firmware -
st stm32f051r8_firmware -
st stm32f042f4_firmware -
st stm32f030cc_firmware -
st stm32f091cc_firmware -
st stm32f038c6_firmware -
st stm32f030c6_firmware -
st stm32f091cb_firmware -
st stm32f031f6_firmware -
st stm32f072rb_firmware -
st stm32f051c6_firmware -
st stm32f072r8_firmware -
st stm32f070cb_firmware -
st stm32f051r4_firmware -
st stm32f091rc_firmware -
st stm32f048t6_firmware -
st stm32f078cb_firmware -
st stm32f031g6_firmware -
st stm32f051r6_firmware -
st stm32f030rc_firmware -
st stm32f072cb_firmware -
st stm32f091vc_firmware -
st stm32f042k6_firmware -
st stm32f042g6_firmware -
st stm32f070rb_firmware -
st stm32f030c8_firmware -
st stm32f051k6_firmware -
st stm32f051k8_firmware -
st stm32f031k4_firmware -
st stm32f042c4_firmware -
st stm32f038k6_firmware -
st stm32f058c8_firmware -
st stm32f048g6_firmware -
CVE-2019-14236 HIGH

On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-863,

Products Affected

Vendor Product Version
st stm32f4_firmware -
st stm32l1_firmware -
st stm32l0_firmware -
st stm32l4_firmware -
st stm32f7_firmware -
st stm32h7_firmware -
CVE-2019-14238 MEDIUM

On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 0.7 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
st stm32f4_firmware -
st stm32l1_firmware -
st stm32l0_firmware -
st stm32l4_firmware -
st stm32f7_firmware -
st stm32h7_firmware -
CVE-2019-16863 MEDIUM

STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,CWE-327,

Products Affected

Vendor Product Version
st st33tphf2ei2c_firmware 73.5
st st33tphf20spi_firmware 74.0
st st33tphf20spi_firmware 74.16
st st33tphf2espi_firmware 71.0
st st33tphf2espi_firmware 73.8
st st33tphf20spi_firmware 74.8
st st33tphf20i2c_firmware 74.5
st st33tphf2espi_firmware 71.4
st st33tphf2espi_firmware 73.0
st st33tphf2espi_firmware 73.4
st st33tphf2ei2c_firmware 73.9
st st33tphf2espi_firmware 71.12
st st33tphf20spi_firmware 74.4
st st33tphf20i2c_firmware 74.9
CVE-2019-19192 LOW

The Bluetooth Low Energy implementation on STMicroelectronics BLE Stack through 1.3.1 for STM32WB5x devices does not properly handle consecutive Attribute Protocol (ATT) requests on reception, allowing attackers in radio range to cause an event deadlock or crash via crafted packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
st bluenrg-2 *
st wb55 *
CVE-2020-13466 HIGH

STMicroelectronics STM32F103 devices through 2020-05-20 allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
st stm32f103_firmware *
CVE-2020-20949 MEDIUM

Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
st stm32cubef1 -
st stm32cubel0 -
st stm32cubef4 -
st stm32cubeprogrammer -
st stm32cubef2 -
st stm32cubel4+ -
ietf public_key_cryptography_standards_#1 1.5
st stm32cubel1 -
st stm32cubeide -
st stm32cubel4 -
st stm32cubel5 -
st stm32cubemonitor -
st stm32cubeg0 -
st stm32cubewb -
st stm32cubef0 -
st stm32cubef7 -
st stm32cubeg4 -
st stm32cubewl -
st stm32cubemx -
st stm32cubef3 -
st stm32cubeh7 -
st stm32cubemp1 -
CVE-2020-27212 MEDIUM

STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. The flash read-out protection (RDP) can be degraded from RDP level 2 (no access via debug interface) to level 1 (limited access via debug interface) by injecting a fault during the boot phase.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
st stm32cubel4_firmware *
CVE-2020-8004 MEDIUM

STMicroelectronics STM32F1 devices have Incorrect Access Control.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
st stm32f1_firmware -
CVE-2021-29414 LOW

STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect physical access control.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 0.9 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-74,

Products Affected

Vendor Product Version
st stm32cubel4_firmware *
CVE-2021-34259 MEDIUM

A buffer overflow vulnerability in the USBH_ParseCfgDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
st stm32cube_middleware *
CVE-2021-34260 MEDIUM

A buffer overflow vulnerability in the USBH_ParseInterfaceDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
st stm32cube_middleware *
CVE-2021-34261 LOW

An issue in USBH_ParseCfgDesc() of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service due to the system hanging when trying to set a remote wake-up feature.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 0.9 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
st stm32cube_middleware *
CVE-2021-34262 MEDIUM

A buffer overflow vulnerability in the USBH_ParseEPDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
st stm32cube_middleware *
CVE-2021-34267 LOW

An in the USBH_MSC_InterfaceInit() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) when the system tries to communicate with the connected endpoint.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 0.9 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
st stm32cube_middleware *
CVE-2021-34268 LOW

An issue in the USBH_ParseDevDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) via a malformed USB device packet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 0.9 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
st stm32cube_middleware *
CVE-2021-42553

A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vulnerability@ncsc.ch 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
st stm32_mw_usb_host -
CVE-2021-43392 LOW

STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.5 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-347,

Products Affected

Vendor Product Version
st j-safe3_firmware 1.2.5
st stsafe-j_firmware 1.1.4
CVE-2021-43393 LOW

STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.5 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-347,

Products Affected

Vendor Product Version
st j-safe3_firmware 1.2.5
st stsafe-j_firmware 1.1.4
CVE-2023-36629

The ST ST54-android-packages-apps-Nfc package before 130-20230215-23W07p0 for Android has an out-of-bounds read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
st st54-android-packages-apps-nfc *
CVE-2023-50096

STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus. This is caused by an StSafeA_ReceiveBytes buffer overflow in the X-CUBE-SAFEA1 Software Package for STSAFE-A sample applications (1.2.0), and thus can affect user-written code that was derived from a published sample application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
st x-cube-safea1 1.2.0
CVE-2024-45064

A buffer overflow vulnerability exists in the FileX Internal RAM interface functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted set of network packets can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
talos-cna@cisco.com 8.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 1.8 6.0

Products Affected

Vendor Product Version
st x-cube-azrtos-g4 2.0.0
st x-cube-azrtos-h7 3.3.0
st x-cube-azrtos-f7 1.1.0
st x-cube-azrtos-wl 2.0.0
st x-cube-azrt-h7rs 1.0.0
st x-cube-azrtos-g0 1.1.0
st x-cube-azrtos-l5 2.0.0
st x-cube-azrtos-l4 2.0.0
st x-cube-azrtos-f4 1.1.0
st x-cube-azrtos-wb 2.0.0
CVE-2024-50384

A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects X-CUBE-AZRTOS-F7 NetX Duo Web Component HTTP server v 1.1.0. This HTTP server implementation is contained in this file - x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\web\nx_web_http_server.c

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
st x-cube-azrtos-g4 2.0.0
st x-cube-azrtos-h7 3.3.0
st x-cube-azrtos-f7 1.1.0
st x-cube-azrtos-wl 2.0.0
st x-cube-azrt-h7rs 1.0.0
st x-cube-azrtos-g0 1.1.0
st x-cube-azrtos-l5 2.0.0
st x-cube-azrtos-l4 2.0.0
st x-cube-azrtos-f4 1.1.0
st x-cube-azrtos-wb 2.0.0
CVE-2024-50385

A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects X-CUBE-AZRTOS-F7 NetX Duo Component HTTP Server HTTP server v 1.1.0. This HTTP server implementation is contained in this file - x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\http\nxd_http_server.c

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
talos-cna@cisco.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
st x-cube-azrtos-g4 2.0.0
st x-cube-azrtos-h7 3.3.0
st x-cube-azrtos-f7 1.1.0
st x-cube-azrtos-wl 2.0.0
st x-cube-azrt-h7rs 1.0.0
st x-cube-azrtos-g0 1.1.0
st x-cube-azrtos-l5 2.0.0
st x-cube-azrtos-l4 2.0.0
st x-cube-azrtos-f4 1.1.0
st x-cube-azrtos-wb 2.0.0
CVE-2024-50594

An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.This vulnerability affects the NetX Duo Web Component HTTP Server implementation which can be found in x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\web\nx_web_http_server.c

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
talos-cna@cisco.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
st x-cube-azrtos-g4 2.0.0
st x-cube-azrtos-h7 3.3.0
st x-cube-azrtos-f7 1.1.0
st x-cube-azrtos-wl 2.0.0
st x-cube-azrt-h7rs 1.0.0
st x-cube-azrtos-g0 1.1.0
st x-cube-azrtos-l5 2.0.0
st x-cube-azrtos-l4 2.0.0
st x-cube-azrtos-f4 1.1.0
st x-cube-azrtos-wb 2.0.0
CVE-2024-50595

An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.This vulnerability affects the NetX Duo Component HTTP Server implementation which can be found in x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\http\nxd_http_server.c

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
talos-cna@cisco.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
st x-cube-azrtos-g4 2.0.0
st x-cube-azrtos-h7 3.3.0
st x-cube-azrtos-f7 1.1.0
st x-cube-azrtos-wl 2.0.0
st x-cube-azrt-h7rs 1.0.0
st x-cube-azrtos-g0 1.1.0
st x-cube-azrtos-l5 2.0.0
st x-cube-azrtos-l4 2.0.0
st x-cube-azrtos-f4 1.1.0
st x-cube-azrtos-wb 2.0.0
CVE-2024-50596

An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects the NetX Duo Web Component HTTP Server implementation which can be found in x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\web\nx_web_http_server.c

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
st x-cube-azrtos-g4 2.0.0
st x-cube-azrtos-h7 3.3.0
st x-cube-azrtos-f7 1.1.0
st x-cube-azrtos-wl 2.0.0
st x-cube-azrt-h7rs 1.0.0
st x-cube-azrtos-g0 1.1.0
st x-cube-azrtos-l5 2.0.0
st x-cube-azrtos-l4 2.0.0
st x-cube-azrtos-f4 1.1.0
st x-cube-azrtos-wb 2.0.0
CVE-2024-50597

An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects the NetX Duo Component HTTP Server implementation which can be found in x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\http\nxd_http_server.c

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
talos-cna@cisco.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
st x-cube-azrtos-g4 2.0.0
st x-cube-azrtos-h7 3.3.0
st x-cube-azrtos-f7 1.1.0
st x-cube-azrtos-wl 2.0.0
st x-cube-azrt-h7rs 1.0.0
st x-cube-azrtos-g0 1.1.0
st x-cube-azrtos-l5 2.0.0
st x-cube-azrtos-l4 2.0.0
st x-cube-azrtos-f4 1.1.0
st x-cube-azrtos-wb 2.0.0