STMicroelectronics A.I CyberSecurity Scoring
STMicroelectronics
Company Information
Website:https://www.st.com?src=linkedin
Employees number:34,873
Number of followers:887,777
NAICS:3344
Industry Type:Semiconductor Manufacturing
Homepage:st.com
STMicroelectronics Risk Score (AI oriented)
Between 800 and 849
STMicroelectronicsSemiconductor Manufacturing
Updated:
06/07/2026
06/07/2026
812/1000
Good
A
STMicroelectronics Global Score (TPRM)
xxxx
STMicroelectronicsSemiconductor Manufacturing
Score locked

STMicroelectronicsGood
Current Score
812A (GOOD)
01000
2 incidents
-4 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
812
JUNE 2026
812
MAY 2026
812
APRIL 2026
815
Vulnerability
07 Apr 2026 • STMicroelectronics
Thales, STMicroelectronics and NXP: Critical Android “Zero-Interaction” Vulnerability Enables DoS Attacks
Google Patches Critical Zero-Interaction Android Vulnerability in April 2026 Security Update
811
LOW-4
NXPTHASTM1775572928
Google Patches Critical Zero-Interaction Android Vulnerability in April 2026 Security Update
Google’s April 2026 Android Security Bulletin addresses multiple high-risk vulnerabilities, including a critical zero-interaction flaw in the Android Framework. The most severe issue, CVE-2026-0049, allows attackers to execute a local denial-of-service (DoS) attack without user interaction or elevated privileges, potentially rendering affected devices unresponsive. The vulnerability impacts Android versions 14, 15, 16, and 16-qpr2, with patches released via the 2026-04-01 security patch level.
Additionally, the update resolves CVE-2025-48651, a high-severity flaw in the StrongBox hardware-backed key storage system, affecting implementations from Google, NXP, STMicroelectronics, and Thales. This vulnerability compromises the security of cryptographic keys, necessitating the 2026-04-05 patch level for full protection.
Google has provided device manufacturers with advance notice to facilitate timely updates. Users can verify protection by checking their device’s security patch level, with 2026-04-05 or later ensuring full mitigation. The Android Open Source Project (AOSP) will receive source code patches within 48 hours of the bulletin’s release.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
MARCH 2026
803
Vulnerability
01 Mar 2026 • STMicroelectronics
STMicroelectronics, Zephyr Project, Espressif, ArduPilot and RT-Thread: Seven Bugs in FatFs Put IoT and Embedded Devices at Risk
Seven Critical Vulnerabilities in FatFs Expose IoT and Embedded Devices to Attacks
813
CRITICAL-10
ZERTHEESPSTMARD1783341911
Seven Critical Vulnerabilities in FatFs Expose IoT and Embedded Devices to Attacks
Cybersecurity firm runZero disclosed seven vulnerabilities in FatFs, a widely used open-source filesystem library for embedded and IoT devices, on July 6, 2026. The flaws, ranging from CVSS 4.6 (Medium) to 7.6 (High), can lead to memory corruption, crashes, data leaks, or remote code execution when devices process maliciously crafted storage media (e.g., USB drives, SD cards).
### Discovery and Impact
The vulnerabilities were uncovered during a 2026 re-audit of FatFs, which had previously undergone a 2017 security review with minimal findings. This time, researchers leveraged GitHub Copilot in auto mode to automate fuzzing and exploit validation, revealing issues that manual testing had missed. The flaws affect numerous platforms, including:
- Espressif ESP-IDF
- STMicroelectronics STM32Cube
- Zephyr RTOS
- MicroPython
- ArduPilot
- RT-Thread
- Mbed
- Samsung TizenRT
- SWUpdate
Downstream devices such as security cameras, voting machines, ATMs, drones, and industrial controllers are at risk, particularly those lacking modern memory protections like ASLR. Physical access to vulnerable devices could allow attackers to gain full control, while two flaws (CVE-2026-6682, CVE-2026-6683) also enable remote exploitation via firmware updates.
### Vulnerability Breakdown
1. CVE-2026-6682 (CVSS 7.6) – FAT32 integer overflow in `mount_volume()` leading to heap/stack corruption and potential code execution.
2. CVE-2026-6687 (CVSS 7.6) – exFAT label-length stack overflow causing memory corruption.
3. CVE-2026-6688 (CVSS 7.6) – Long filename overflow in downstream code, risking buffer overflows via `strcpy`/`sprintf`.
4. CVE-2026-6685 (CVSS 6.1) – Unsigned subtraction wrap in dirty-cache handling, risking silent data corruption.
5. CVE-2026-6683 (CVSS 4.6) – exFAT divide-by-zero in sync/write paths, causing crashes or bricking during firmware updates.
6. CVE-2026-6686 (CVSS 4.6) – Uninitialized cluster exposure, leaking stale deleted file data.
7. CVE-2026-6684 (CVSS 4.6) – GPT partition scan loop in pre-R0.16 versions, enabling boot-time denial-of-service.
### Patch Status and Challenges
FatFs is maintained by a single developer, who did not respond to disclosure attempts. JPCERT/CC was also unable to facilitate coordination. Only one flaw (CVE-2026-6684) has an upstream fix (in R0.16), but vendors must manually integrate it into their vendored copies. The lack of a responsive maintainer and widespread custom modifications by vendors complicate patching, mirroring delays seen in past disclosures like PixieFail (2024).
### Proof-of-Concept and Current Threat
runZero released proof-of-concept disk images, a test harness, and a QEMU-based exploit demo in a public repository. As of the disclosure date, no active attacks had been reported. However, the automated tooling used to find these flaws is now widely accessible, increasing the risk of future exploitation.
The vulnerabilities underscore the long-term risks of widely embedded, minimally maintained components in critical infrastructure and consumer devices.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
FEBRUARY 2026
803
JANUARY 2026
809
DECEMBER 2025
809
NOVEMBER 2025
809
OCTOBER 2025
809
SEPTEMBER 2025
809
AUGUST 2025
809
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for STMicroelectronics ??
What was STMicroelectronics's A.I Rankiteo Cyber Score in June 2026 ??
What was STMicroelectronics's A.I Rankiteo Cyber Score in May 2026 ??
What was STMicroelectronics's A.I Rankiteo Cyber Score in April 2026 ??
What was STMicroelectronics's A.I Rankiteo Cyber Score in March 2026 ??
What was STMicroelectronics's A.I Rankiteo Cyber Score in February 2026 ??
What was STMicroelectronics's A.I Rankiteo Cyber Score in January 2026 ??
What was STMicroelectronics's A.I Rankiteo Cyber Score in December 2025 ??
What was STMicroelectronics's A.I Rankiteo Cyber Score in November 2025 ??
What was STMicroelectronics's A.I Rankiteo Cyber Score in October 2025 ??
What was STMicroelectronics's A.I Rankiteo Cyber Score in September 2025 ??
What was STMicroelectronics's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on STMicroelectronics's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with STMicroelectronics ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view STMicroelectronics's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?