SWRA792 august   2023 MSP430FR5041 , MSP430FR5043 , MSP430FR50431 , MSP430FR5847 , MSP430FR58471 , MSP430FR5848 , MSP430FR5849 , MSP430FR5857 , MSP430FR5858 , MSP430FR5859 , MSP430FR5867 , MSP430FR58671 , MSP430FR5868 , MSP430FR5869 , MSP430FR5870 , MSP430FR5872 , MSP430FR58721 , MSP430FR5887 , MSP430FR5888 , MSP430FR5889 , MSP430FR58891 , MSP430FR5922 , MSP430FR59221 , MSP430FR5947 , MSP430FR59471 , MSP430FR5948 , MSP430FR5949 , MSP430FR5957 , MSP430FR5958 , MSP430FR5959 , MSP430FR5962 , MSP430FR5964 , MSP430FR5967 , MSP430FR5968 , MSP430FR5969 , MSP430FR59691 , MSP430FR5970 , MSP430FR5972 , MSP430FR59721 , MSP430FR5986 , MSP430FR5987 , MSP430FR5988 , MSP430FR5989 , MSP430FR59891 , MSP430FR5992 , MSP430FR5994 , MSP430FR59941 , MSP430FR6005 , MSP430FR6007 , MSP430FR6035 , MSP430FR6037 , MSP430FR60371 , MSP430FR6041 , MSP430FR6043 , MSP430FR60431 , MSP430FR6045 , MSP430FR6047 , MSP430FR60471 , MSP430FR6820 , MSP430FR6822 , MSP430FR68221 , MSP430FR6870 , MSP430FR6872 , MSP430FR68721 , MSP430FR6877 , MSP430FR6879 , MSP430FR68791 , MSP430FR6887 , MSP430FR6888 , MSP430FR6889 , MSP430FR68891 , MSP430FR6920 , MSP430FR6922 , MSP430FR69221 , MSP430FR6927 , MSP430FR69271 , MSP430FR6928 , MSP430FR6970 , MSP430FR6972 , MSP430FR69721 , MSP430FR6977 , MSP430FR6979 , MSP430FR69791 , MSP430FR6987 , MSP430FR6988 , MSP430FR6989 , MSP430FR69891

 

  1.   1
  2.   Summary
  3.   Vulnerability

Vulnerability

TI PSIRT ID

TI-PSIRT-2023-040180

CVE ID

Not applicable.

CVSS Base Score

7.1

Affected Products

  • MSP430FR58xx family devices
  • MSP430FR59xx family devices
  • MSP430FR6xxx family devices

Potentially Impacted Features

This vulnerability allows an attacker to write arbitrary code to an IPE protected region, potentially gaining access to protected code. Applying recommended mitigations may limit the functionality of the code within the IPE protected memory region.

Suggested Mitigations

The attacker needs access to the non-protected regions of the device to exploit this vulnerability. Preventing this access would be the first step in preventing the vulnerability. A combination of the following mitigations can be utilized to prevent the vulnerability.

  • Locking of JTAG and BSL interfaces to prevent device access.
  • Use the Memory Protection Unit (MPU) to place write protections on the IPE protected region, while locking MPU settings to prevent attackers from removing protections.

Additional security practices are discussed in the MSP Code Protection Features application note.

Acknowledgments

We would like to thank Marton Bognar, Cas Magnus, Jo Van Bulck, and Frank Piessens from KU Leuven University in Belgium for reporting this vulnerability to the TI Product Security Incident Response Team (PSIRT).

External References

Texas Instruments, MSP Code Protection Features, application note.