Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
STMicroelectronics

STMicroelectronics Vendor Cyber Rating & Cyber Score

st.com

ST is a global semiconductor leader delivering intelligent and energy-efficient products and solutions that power the electronics at the heart of everyday life. ST’s products are found everywhere today, and together with our customers, we are enabling smarter driving and smarter factories, cities and homes, along with the next generation of mobile and Internet of Things devices. By getting more from technology to get more from life, ST stands for life.augmented.


STMicroelectronics A.I CyberSecurity Scoring

STMicroelectronics
Company Information
Website:https://www.st.com?src=linkedin
Employees number:34,873
Number of followers:887,777
NAICS:3344
Industry Type:Semiconductor Manufacturing
Homepage:st.com
STMicroelectronics Risk Score (AI oriented)
Between 800 and 849
logo
STMicroelectronicsSemiconductor Manufacturing
Updated:
06/07/2026
812/1000
Good
A
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
STMicroelectronics Global Score (TPRM)
xxxx
logo
STMicroelectronicsSemiconductor Manufacturing
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

STMicroelectronics
STMicroelectronicsGood
Current Score
812A (GOOD)
01000
2 incidents
-4 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
812Before Incident
JUNE 2026
812Before Incident
MAY 2026
812Before Incident
APRIL 2026
815Before Incident
Vulnerability
07 Apr 2026STMicroelectronics
Thales, STMicroelectronics and NXP: Critical Android “Zero-Interaction” Vulnerability Enables DoS Attacks

Google Patches Critical Zero-Interaction Android Vulnerability in April 2026 Security Update

811After Incident
LOW-4
NXPTHASTM1775572928
Google Patches Critical Zero-Interaction Android Vulnerability in April 2026 Security Update Google’s April 2026 Android Security Bulletin addresses multiple high-risk vulnerabilities, including a critical zero-interaction flaw in the Android Framework. The most severe issue, CVE-2026-0049, allows attackers to execute a local denial-of-service (DoS) attack without user interaction or elevated privileges, potentially rendering affected devices unresponsive. The vulnerability impacts Android versions 14, 15, 16, and 16-qpr2, with patches released via the 2026-04-01 security patch level. Additionally, the update resolves CVE-2025-48651, a high-severity flaw in the StrongBox hardware-backed key storage system, affecting implementations from Google, NXP, STMicroelectronics, and Thales. This vulnerability compromises the security of cryptographic keys, necessitating the 2026-04-05 patch level for full protection. Google has provided device manufacturers with advance notice to facilitate timely updates. Users can verify protection by checking their device’s security patch level, with 2026-04-05 or later ensuring full mitigation. The Android Open Source Project (AOSP) will receive source code patches within 48 hours of the bulletin’s release.
INCIDENT DETAILS -
TYPE
Vulnerability
IMPACT
Systems Affected: Android devices (versions 14, 15, 16, 16-qpr2)Downtime: Potential device unresponsivenessOperational Impact: Denial-of-service (DoS) attack risk, compromised cryptographic key security
DATA BREACH
Sensitivity Of Data: Cryptographic keys (StrongBox vulnerability)
MARCH 2026
803Before Incident
Vulnerability
01 Mar 2026STMicroelectronics
STMicroelectronics, Zephyr Project, Espressif, ArduPilot and RT-Thread: Seven Bugs in FatFs Put IoT and Embedded Devices at Risk

Seven Critical Vulnerabilities in FatFs Expose IoT and Embedded Devices to Attacks

813After Incident
CRITICAL-10
ZERTHEESPSTMARD1783341911
Seven Critical Vulnerabilities in FatFs Expose IoT and Embedded Devices to Attacks Cybersecurity firm runZero disclosed seven vulnerabilities in FatFs, a widely used open-source filesystem library for embedded and IoT devices, on July 6, 2026. The flaws, ranging from CVSS 4.6 (Medium) to 7.6 (High), can lead to memory corruption, crashes, data leaks, or remote code execution when devices process maliciously crafted storage media (e.g., USB drives, SD cards). ### Discovery and Impact The vulnerabilities were uncovered during a 2026 re-audit of FatFs, which had previously undergone a 2017 security review with minimal findings. This time, researchers leveraged GitHub Copilot in auto mode to automate fuzzing and exploit validation, revealing issues that manual testing had missed. The flaws affect numerous platforms, including: - Espressif ESP-IDF - STMicroelectronics STM32Cube - Zephyr RTOS - MicroPython - ArduPilot - RT-Thread - Mbed - Samsung TizenRT - SWUpdate Downstream devices such as security cameras, voting machines, ATMs, drones, and industrial controllers are at risk, particularly those lacking modern memory protections like ASLR. Physical access to vulnerable devices could allow attackers to gain full control, while two flaws (CVE-2026-6682, CVE-2026-6683) also enable remote exploitation via firmware updates. ### Vulnerability Breakdown 1. CVE-2026-6682 (CVSS 7.6) – FAT32 integer overflow in `mount_volume()` leading to heap/stack corruption and potential code execution. 2. CVE-2026-6687 (CVSS 7.6) – exFAT label-length stack overflow causing memory corruption. 3. CVE-2026-6688 (CVSS 7.6) – Long filename overflow in downstream code, risking buffer overflows via `strcpy`/`sprintf`. 4. CVE-2026-6685 (CVSS 6.1) – Unsigned subtraction wrap in dirty-cache handling, risking silent data corruption. 5. CVE-2026-6683 (CVSS 4.6) – exFAT divide-by-zero in sync/write paths, causing crashes or bricking during firmware updates. 6. CVE-2026-6686 (CVSS 4.6) – Uninitialized cluster exposure, leaking stale deleted file data. 7. CVE-2026-6684 (CVSS 4.6) – GPT partition scan loop in pre-R0.16 versions, enabling boot-time denial-of-service. ### Patch Status and Challenges FatFs is maintained by a single developer, who did not respond to disclosure attempts. JPCERT/CC was also unable to facilitate coordination. Only one flaw (CVE-2026-6684) has an upstream fix (in R0.16), but vendors must manually integrate it into their vendored copies. The lack of a responsive maintainer and widespread custom modifications by vendors complicate patching, mirroring delays seen in past disclosures like PixieFail (2024). ### Proof-of-Concept and Current Threat runZero released proof-of-concept disk images, a test harness, and a QEMU-based exploit demo in a public repository. As of the disclosure date, no active attacks had been reported. However, the automated tooling used to find these flaws is now widely accessible, increasing the risk of future exploitation. The vulnerabilities underscore the long-term risks of widely embedded, minimally maintained components in critical infrastructure and consumer devices.
INCIDENT DETAILS -
TYPE
Vulnerability Disclosure
IMPACT
Data Compromised: Stale deleted file data (CVE-2026-6686)Systems Affected: IoT and embedded devices using FatFsDowntime: Crashes or bricking (CVE-2026-6683, CVE-2026-6684)Operational Impact: Potential remote code execution, memory corruption, data leaks
DATA BREACH
Type Of Data Compromised: Stale deleted file data
FEBRUARY 2026
803Before Incident
JANUARY 2026
809Before Incident
DECEMBER 2025
809Before Incident
NOVEMBER 2025
809Before Incident
OCTOBER 2025
809Before Incident
SEPTEMBER 2025
809Before Incident
AUGUST 2025
809Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for STMicroelectronics ?
?
What was STMicroelectronics's A.I Rankiteo Cyber Score in June 2026 ?
?
What was STMicroelectronics's A.I Rankiteo Cyber Score in May 2026 ?
?
What was STMicroelectronics's A.I Rankiteo Cyber Score in April 2026 ?
?
What was STMicroelectronics's A.I Rankiteo Cyber Score in March 2026 ?
?
What was STMicroelectronics's A.I Rankiteo Cyber Score in February 2026 ?
?
What was STMicroelectronics's A.I Rankiteo Cyber Score in January 2026 ?
?
What was STMicroelectronics's A.I Rankiteo Cyber Score in December 2025 ?
?
What was STMicroelectronics's A.I Rankiteo Cyber Score in November 2025 ?
?
What was STMicroelectronics's A.I Rankiteo Cyber Score in October 2025 ?
?
What was STMicroelectronics's A.I Rankiteo Cyber Score in September 2025 ?
?
What was STMicroelectronics's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on STMicroelectronics's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with STMicroelectronics ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view STMicroelectronics's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?