Cyber Resilience

CVE-2021-31532

MediumPublic PoC

Published: 06 May 2021

Published
06 May 2021
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0014 34.6th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-31532 is a medium-severity an unspecified weakness vulnerability in Nxp Lpc55S69Jbd100. Its CVSS base score is 6.8 (Medium).

Operationally, ranked at the 34.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i.MX RT600 (silicon rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicon rev 0A, 1B), LPC55S1x, LPC551x (silicon rev 0A) and LPC55S0x, LPC550x (silicon rev 0A) include an undocumented…

more

ROM patch peripheral that allows unsigned, non-persistent modification of the internal ROM.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

nxp
lpc55s69jbd100 firmware
all versions
nxp
lpc55s66jbd100 firmware
all versions
nxp
lpc55s69jev98 firmware
all versions
nxp
lpcs66jev98 firmware
all versions
nxp
lpc55s69jbd64 firmware
all versions
nxp
lpcs66jbd64 firmware
all versions
nxp
i.mx rt500 firmware
all versions
nxp
i.mx rt600 firmware
all versions
nxp
lpc55s28 firmware
all versions
nxp
lpc55s26 firmware
all versions
+14 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References