Refine your search
18 vulnerabilities found for by Microchip
CVE-2026-2336 (GCVE-0-2026-2336)
Vulnerability from cvelistv5
Published
2026-04-16 17:02
Modified
2026-04-16 17:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-331 - Insufficient entropy
Summary
A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax_auth session cookie and forge a new cookie with administrative privileges.This issue affects IStaX before 2026.03.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2336",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-16T17:34:33.723469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T17:34:39.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "IStaX",
"vendor": "Microchip",
"versions": [
{
"lessThan": "2026.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rickard Jonsson"
}
],
"datePublic": "2026-04-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own \u003ccode\u003ewebstax_auth\u003c/code\u003e session cookie and forge a new cookie with administrative privileges.\u003cp\u003eThis issue affects IStaX before 2026.03.\u003c/p\u003e"
}
],
"value": "A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax_auth session cookie and forge a new cookie with administrative privileges.This issue affects IStaX before 2026.03."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-331",
"description": "CWE-331 Insufficient entropy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T17:02:06.352Z",
"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"shortName": "Microchip"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/istax-privilege-escalation-via-weak-cookie-authentication"
}
],
"source": {
"advisory": "PSIRT-123",
"discovery": "EXTERNAL"
},
"title": "Weak webstax_auth Cookie Authentication Allows Privilege Escalation",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Restrict access to the management interface to trusted networks and trusted users until devices can be upgraded."
}
],
"value": "Restrict access to the management interface to trusted networks and trusted users until devices can be upgraded."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"assignerShortName": "Microchip",
"cveId": "CVE-2026-2336",
"datePublished": "2026-04-16T17:02:06.352Z",
"dateReserved": "2026-02-11T10:30:26.167Z",
"dateUpdated": "2026-04-16T17:34:39.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9497 (GCVE-0-2025-9497)
Vulnerability from cvelistv5
Published
2026-03-28 10:58
Modified
2026-04-01 13:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-798 - Use of Hard-coded Credentials
Summary
Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microchip | Time Provider 4100 |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-9497",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T13:54:38.708217Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T13:55:03.527Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Time Provider 4100",
"vendor": "Microchip",
"versions": [
{
"lessThan": "2.5.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "User knowledge of the decryption passwords and upgrade package structure.\u003cbr\u003e"
}
],
"value": "User knowledge of the decryption passwords and upgrade package structure."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dario Emilio Bertani"
},
{
"lang": "en",
"type": "finder",
"value": "Raffaele Bova"
},
{
"lang": "en",
"type": "finder",
"value": "Andrea Sindoni"
},
{
"lang": "en",
"type": "finder",
"value": "Simone Bossi"
},
{
"lang": "en",
"type": "finder",
"value": "Antonio Carriero"
},
{
"lang": "en",
"type": "finder",
"value": "Marco Manieri"
},
{
"lang": "en",
"type": "finder",
"value": "Vito Pistillo"
},
{
"lang": "en",
"type": "finder",
"value": "Davide Renna"
},
{
"lang": "en",
"type": "finder",
"value": "Manuel Leone"
},
{
"lang": "en",
"type": "finder",
"value": "Massimiliano Brolli"
},
{
"lang": "en",
"type": "reporter",
"value": "TIM Security Red Team Research (TIM S.p.A)"
}
],
"datePublic": "2026-03-28T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.\u003cp\u003eThis issue affects Time Provider 4100: before 2.5.0.\u003c/p\u003e"
}
],
"value": "Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.0."
}
],
"impacts": [
{
"capecId": "CAPEC-533",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-533 Malicious Manual Software Update"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T15:52:21.770Z",
"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"shortName": "Microchip"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-hardcoded-upgrade-decryption-passwords"
},
{
"tags": [
"technical-description"
],
"url": "https://www.gruppotim.it/en/footer/TIM-red-team.html"
}
],
"source": {
"advisory": "PSIRT-104",
"discovery": "EXTERNAL"
},
"title": "Hardcoded Upgrade Decryption Passwords",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\n\u003c/div\u003e\n\n \n\u003c/div\u003e\n \n \u003cdiv\u003e\n \u003cdiv\u003e\n \u003cdiv\u003e\n \u003cdiv\u003e\u003cdiv\u003e\n\n \u003cp\u003eUpgrades are only available on a separate management port which \nshould not be connected to an untrusted network. ACLs are available to \nfurther restrict access to only trusted addresses.\u003c/p\u003e\n\n\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Upgrades are only available on a separate management port which \nshould not be connected to an untrusted network. ACLs are available to \nfurther restrict access to only trusted addresses."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"assignerShortName": "Microchip",
"cveId": "CVE-2025-9497",
"datePublished": "2026-03-28T10:58:29.620Z",
"dateReserved": "2025-08-26T17:59:09.578Z",
"dateUpdated": "2026-04-01T13:55:03.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3010 (GCVE-0-2026-3010)
Vulnerability from cvelistv5
Published
2026-02-28 11:45
Modified
2026-03-02 15:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimePictra allows Query System for Information.This issue affects TimePictra: from 11.0 through 11.3 SP2.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microchip | TimePictra |
Version: 11.0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3010",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T15:20:07.391735Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T15:21:20.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.microchip.com/en-us/products/clock-and-timing/systems/synchronization-management-monitoring/timepictra-11",
"defaultStatus": "unaffected",
"product": "TimePictra",
"vendor": "Microchip",
"versions": [
{
"lessThanOrEqual": "11.3 SP2",
"status": "affected",
"version": "11.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Steve Lin"
},
{
"lang": "en",
"type": "reporter",
"value": "Bastion Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in Microchip TimePictra allows Query System for Information.\u003cp\u003eThis issue affects TimePictra: from 11.0 through 11.3 SP2.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in Microchip TimePictra allows Query System for Information.This issue affects TimePictra: from 11.0 through 11.3 SP2."
}
],
"impacts": [
{
"capecId": "CAPEC-54",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-54 Query System for Information"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-28T11:45:30.301Z",
"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"shortName": "Microchip"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timepictra-stored-cross-site-scripting"
}
],
"source": {
"advisory": "PSIRT-126",
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-02-04T23:00:00.000Z",
"value": "Reported"
}
],
"title": "TimePictra Stored Cross-Site Scripting",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eControl access to the web application\u003c/p\u003e"
}
],
"value": "Control access to the web application"
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"assignerShortName": "Microchip",
"cveId": "CVE-2026-3010",
"datePublished": "2026-02-28T11:45:30.301Z",
"dateReserved": "2026-02-23T06:04:48.706Z",
"dateUpdated": "2026-03-02T15:21:20.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2844 (GCVE-0-2026-2844)
Vulnerability from cvelistv5
Published
2026-02-28 11:44
Modified
2026-03-02 15:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Summary
Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows Configuration/Environment Manipulation.This issue affects TimePictra: from 11.0 through 11.3 SP2.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microchip | TimePictra |
Version: 11.0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2844",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T15:22:36.224920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T15:23:13.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.microchip.com/en-us/products/clock-and-timing/systems/synchronization-management-monitoring/timepictra-11",
"defaultStatus": "unaffected",
"product": "TimePictra",
"vendor": "Microchip",
"versions": [
{
"lessThanOrEqual": "11.3 SP2",
"status": "affected",
"version": "11.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Steve Lin"
},
{
"lang": "en",
"type": "reporter",
"value": "Bastion Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows Configuration/Environment Manipulation.\u003cp\u003eThis issue affects TimePictra: from 11.0 through 11.3 SP2.\u003c/p\u003e"
}
],
"value": "Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows Configuration/Environment Manipulation.This issue affects TimePictra: from 11.0 through 11.3 SP2."
}
],
"impacts": [
{
"capecId": "CAPEC-176",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-176 Configuration/Environment Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-28T11:44:07.402Z",
"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"shortName": "Microchip"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timepictra-authentication-bypass-vulnerability"
}
],
"source": {
"advisory": "PSIRT-125",
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-02-04T23:00:00.000Z",
"value": "Reported"
}
],
"title": "TimePictra Authentication Bypass Vulnerability",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eControl access to the web application\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Control access to the web application"
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"assignerShortName": "Microchip",
"cveId": "CVE-2026-2844",
"datePublished": "2026-02-28T11:44:07.402Z",
"dateReserved": "2026-02-20T05:31:04.082Z",
"dateUpdated": "2026-03-02T15:23:13.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-47904 (GCVE-0-2025-47904)
Vulnerability from cvelistv5
Published
2026-02-24 15:34
Modified
2026-03-31 10:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-494 - Download of Code Without Integrity Check
Summary
Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microchip | Time Provider 4100 |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47904",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T19:52:08.415815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:53:24.404Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Time Provider 4100",
"vendor": "Microchip",
"versions": [
{
"lessThan": "2.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "User knowledge of the decryption passwords and upgrade package structure.\u003cbr\u003e"
}
],
"value": "User knowledge of the decryption passwords and upgrade package structure."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dario Emilio Bertani"
},
{
"lang": "en",
"type": "finder",
"value": "Raffaele Bova"
},
{
"lang": "en",
"type": "finder",
"value": "Andrea Sindoni"
},
{
"lang": "en",
"type": "finder",
"value": "Simone Bossi"
},
{
"lang": "en",
"type": "finder",
"value": "Antonio Carriero"
},
{
"lang": "en",
"type": "finder",
"value": "Marco Manieri"
},
{
"lang": "en",
"type": "finder",
"value": "Vito Pistillo"
},
{
"lang": "en",
"type": "finder",
"value": "Davide Renna"
},
{
"lang": "en",
"type": "finder",
"value": "Manuel Leone"
},
{
"lang": "en",
"type": "finder",
"value": "Massimiliano Brolli"
},
{
"lang": "en",
"type": "reporter",
"value": "TIM Security Red Team Research (TIM S.p.A)"
}
],
"datePublic": "2026-02-18T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.\u003cp\u003eThis issue affects Time Provider 4100: before 2.5.\u003c/p\u003e"
}
],
"value": "Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5."
}
],
"impacts": [
{
"capecId": "CAPEC-533",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-533 Malicious Manual Software Update"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494 Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T10:39:23.425Z",
"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"shortName": "Microchip"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-unsigned-upgrade-vulnerability"
},
{
"tags": [
"technical-description"
],
"url": "https://www.gruppotim.it/en/footer/TIM-red-team.html"
}
],
"source": {
"advisory": "PSIRT-105",
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2025-04-14T22:00:00.000Z",
"value": "Reported"
}
],
"title": "Unsigned upgrade package",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrades are only available on a separate management port which should \nnot be connected to an untrusted network. ACLs are available to further\n restrict access to only trusted addresses.\n\n\u003cbr\u003e"
}
],
"value": "Upgrades are only available on a separate management port which should \nnot be connected to an untrusted network. ACLs are available to further\n restrict access to only trusted addresses."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"assignerShortName": "Microchip",
"cveId": "CVE-2025-47904",
"datePublished": "2026-02-24T15:34:20.905Z",
"dateReserved": "2025-05-13T19:24:53.452Z",
"dateUpdated": "2026-03-31T10:39:23.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-47902 (GCVE-0-2025-47902)
Vulnerability from cvelistv5
Published
2025-10-20 17:52
Modified
2026-03-31 10:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microchip | Time Provider 4100 |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47902",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-21T15:37:47.373652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T15:38:03.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Time Provider 4100",
"vendor": "Microchip",
"versions": [
{
"lessThan": "2.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A user authenticated on the web interface on the separate management port."
}
],
"value": "A user authenticated on the web interface on the separate management port."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dario Emilio Bertani"
},
{
"lang": "en",
"type": "finder",
"value": "Raffaele Bova"
},
{
"lang": "en",
"type": "finder",
"value": "Andrea Sindoni"
},
{
"lang": "en",
"type": "finder",
"value": "Simone Bossi"
},
{
"lang": "en",
"type": "finder",
"value": "Antonio Carriero"
},
{
"lang": "en",
"type": "finder",
"value": "Marco Manieri"
},
{
"lang": "en",
"type": "finder",
"value": "Vito Pistillo"
},
{
"lang": "en",
"type": "finder",
"value": "Davide Renna"
},
{
"lang": "en",
"type": "finder",
"value": "Manuel Leone"
},
{
"lang": "en",
"type": "finder",
"value": "Massimiliano Brolli"
},
{
"lang": "en",
"type": "reporter",
"value": "TIM Security Red Team Research (TIM S.p.A)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Microchip Time Provider 4100 allows SQL Injection.\u003cp\u003eThis issue affects Time Provider 4100: before 2.5.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T10:38:57.976Z",
"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"shortName": "Microchip"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-remote-sql-command-injection-47902"
},
{
"tags": [
"technical-description"
],
"url": "https://www.gruppotim.it/en/footer/TIM-red-team.html"
}
],
"source": {
"advisory": "PSIRT-103",
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2025-04-15T07:00:00.000Z",
"value": "Reported"
}
],
"title": "SQL Injection in web resource",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Do not expose the web interface on the separate management port to an \nuntrusted network. For added security, users have the option to disable \nthe web interface, further protecting the device from potential \nweb-based exploitations."
}
],
"value": "Do not expose the web interface on the separate management port to an \nuntrusted network. For added security, users have the option to disable \nthe web interface, further protecting the device from potential \nweb-based exploitations."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"assignerShortName": "Microchip",
"cveId": "CVE-2025-47902",
"datePublished": "2025-10-20T17:52:52.844Z",
"dateReserved": "2025-05-13T19:24:53.452Z",
"dateUpdated": "2026-03-31T10:38:57.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-47901 (GCVE-0-2025-47901)
Vulnerability from cvelistv5
Published
2025-10-20 17:48
Modified
2026-03-31 10:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microchip | Time Provider 4100 |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47901",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-21T15:38:53.264980Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T15:38:55.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Time Provider 4100",
"vendor": "Microchip",
"versions": [
{
"lessThan": "2.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated user with access to the web interface on a separate management port"
}
],
"value": "An authenticated user with access to the web interface on a separate management port"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dario Emilio Bertani"
},
{
"lang": "en",
"type": "finder",
"value": "Raffaele Bova"
},
{
"lang": "en",
"type": "finder",
"value": "Andrea Sindoni"
},
{
"lang": "en",
"type": "finder",
"value": "Simone Bossi"
},
{
"lang": "en",
"type": "finder",
"value": "Antonio Carriero"
},
{
"lang": "en",
"type": "finder",
"value": "Marco Manieri"
},
{
"lang": "en",
"type": "finder",
"value": "Vito Pistillo"
},
{
"lang": "en",
"type": "finder",
"value": "Davide Renna"
},
{
"lang": "en",
"type": "finder",
"value": "Manuel Leone"
},
{
"lang": "en",
"type": "finder",
"value": "Massimiliano Brolli"
},
{
"lang": "en",
"type": "reporter",
"value": "TIM Security Red Team Research (TIM S.p.A)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Microchip Time Provider 4100 allows OS Command Injection.\u003cp\u003eThis issue affects Time Provider 4100: before 2.5.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T10:38:33.680Z",
"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"shortName": "Microchip"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-remote-command-execution-47901"
},
{
"tags": [
"technical-description"
],
"url": "https://www.gruppotim.it/en/footer/TIM-red-team.html"
}
],
"source": {
"advisory": "PSIRT-102",
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2025-04-15T07:00:00.000Z",
"value": "Reported"
}
],
"title": "RCE on restore configuration password",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Do not expose the web interface on the separate management port to an \nuntrusted network. For added security, users have the option to disable \nthe web interface, further protecting the device from potential \nweb-based exploitations."
}
],
"value": "Do not expose the web interface on the separate management port to an \nuntrusted network. For added security, users have the option to disable \nthe web interface, further protecting the device from potential \nweb-based exploitations."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"assignerShortName": "Microchip",
"cveId": "CVE-2025-47901",
"datePublished": "2025-10-20T17:48:20.775Z",
"dateReserved": "2025-05-13T19:24:53.452Z",
"dateUpdated": "2026-03-31T10:38:33.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-47900 (GCVE-0-2025-47900)
Vulnerability from cvelistv5
Published
2025-10-20 17:43
Modified
2026-03-31 10:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microchip | Time Provider 4100 |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-20T18:01:10.599374Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T18:02:36.954Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Time Provider 4100",
"vendor": "Microchip",
"versions": [
{
"lessThan": "2.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated user with access to the web interface on a separate management port."
}
],
"value": "An authenticated user with access to the web interface on a separate management port."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dario Emilio Bertani"
},
{
"lang": "en",
"type": "finder",
"value": "Raffaele Bova"
},
{
"lang": "en",
"type": "finder",
"value": "Andrea Sindoni"
},
{
"lang": "en",
"type": "finder",
"value": "Simone Bossi"
},
{
"lang": "en",
"type": "finder",
"value": "Antonio Carriero"
},
{
"lang": "en",
"type": "finder",
"value": "Marco Manieri"
},
{
"lang": "en",
"type": "finder",
"value": "Vito Pistillo"
},
{
"lang": "en",
"type": "finder",
"value": "Davide Renna"
},
{
"lang": "en",
"type": "finder",
"value": "Manuel Leone"
},
{
"lang": "en",
"type": "finder",
"value": "Massimiliano Brolli"
},
{
"lang": "en",
"type": "reporter",
"value": "TIM Security Red Team Research (TIM S.p.A)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Microchip Time Provider 4100 allows OS Command Injection.\u003cp\u003eThis issue affects Time Provider 4100: before 2.5.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T10:38:11.018Z",
"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"shortName": "Microchip"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-remote-command-execution"
},
{
"tags": [
"technical-description"
],
"url": "https://www.gruppotim.it/en/footer/TIM-red-team.html"
}
],
"source": {
"advisory": "PSIRT-101",
"discovery": "UNKNOWN"
},
"title": "RCE on backup configuration password",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Do not expose the web interface on the separate management port to an \nuntrusted network. For added security, users have the option to disable \nthe web interface, further protecting the device from potential \nweb-based exploitations."
}
],
"value": "Do not expose the web interface on the separate management port to an \nuntrusted network. For added security, users have the option to disable \nthe web interface, further protecting the device from potential \nweb-based exploitations."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"assignerShortName": "Microchip",
"cveId": "CVE-2025-47900",
"datePublished": "2025-10-20T17:43:33.890Z",
"dateReserved": "2025-05-13T19:24:53.452Z",
"dateUpdated": "2026-03-31T10:38:11.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-29155 (GCVE-0-2024-29155)
Vulnerability from cvelistv5
Published
2024-10-16 15:51
Modified
2025-09-02 14:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is
received, the device becomes incapable of completing the pairing
process. A third party can inject a second PairReqNoInputNoOutput request
just after a real one, causing the pair request to be blocked.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T17:13:24.313288Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T14:11:05.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RN4870",
"vendor": "Microchip",
"versions": [
{
"lessThan": "1.44",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wu, Tianwei"
},
{
"lang": "en",
"type": "finder",
"value": "Hussain Syed Rafiul"
},
{
"lang": "en",
"type": "finder",
"value": "Ishtiaq, Abdullah Al"
},
{
"lang": "en",
"type": "finder",
"value": "RASHID, SYED MD MUKIT"
},
{
"lang": "en",
"type": "reporter",
"value": "The Pennsylvania State University"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is \nreceived, the device becomes incapable of completing the pairing \nprocess. A third party can inject a second PairReqNoInputNoOutput request \njust after a real one, causing the pair request to be blocked."
}
],
"value": "On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is \nreceived, the device becomes incapable of completing the pairing \nprocess. A third party can inject a second PairReqNoInputNoOutput request \njust after a real one, causing the pair request to be blocked."
}
],
"impacts": [
{
"capecId": "CAPEC-125",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-125 Flooding"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-239",
"description": "CWE-239",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T20:19:19.590Z",
"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"shortName": "Microchip"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.microchip.com/en-us/product/rn4870"
},
{
"tags": [
"release-notes",
"product",
"technical-description"
],
"url": "https://ww1.microchip.com/downloads/aemDocuments/documents/WSG/ProductDocuments/SoftwareLibraries/Firmware/RN4870-71-Firmware-1.44.zip"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to firmware version 1.44 or higher.\u003cbr\u003e"
}
],
"value": "Update to firmware version 1.44 or higher."
}
],
"source": {
"advisory": "PSIRT-37",
"discovery": "UNKNOWN"
},
"title": "Denial of service on Microchip RN4870 devices",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"assignerShortName": "Microchip",
"cveId": "CVE-2024-29155",
"datePublished": "2024-10-16T15:51:11.819Z",
"dateReserved": "2024-03-18T06:11:27.983Z",
"dateUpdated": "2025-09-02T14:11:05.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43683 (GCVE-0-2024-43683)
Vulnerability from cvelistv5
Published
2024-10-04 19:56
Modified
2024-11-01 15:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Summary
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microchip | TimeProvider 4100 |
Version: 1.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:microchip:timeprovider_4100_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "timeprovider_4100_firmware",
"vendor": "microchip",
"versions": [
{
"lessThan": "2.4.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43683",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T21:24:56.897223Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T22:15:29.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "TimeProvider 4100",
"vendor": "Microchip",
"versions": [
{
"lessThan": "2.4.7",
"status": "affected",
"version": "1.0",
"versionType": "firmware"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Armando Huesca Prida"
},
{
"lang": "en",
"type": "finder",
"value": "Marco Negro"
},
{
"lang": "en",
"type": "finder",
"value": "Antonio Carriero"
},
{
"lang": "en",
"type": "finder",
"value": "Vito Pistillo"
},
{
"lang": "en",
"type": "finder",
"value": "Davide Renna"
},
{
"lang": "en",
"type": "finder",
"value": "Manuel Leone"
},
{
"lang": "en",
"type": "finder",
"value": "Massimiliano Brolli"
},
{
"lang": "en",
"type": "reporter",
"value": "TIM Security Red Team Research"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.\u003cp\u003eThis issue affects TimeProvider 4100: from 1.0.\u003c/p\u003e"
}
],
"value": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0."
}
],
"impacts": [
{
"capecId": "CAPEC-86",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-86 XSS Through HTTP Headers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T15:59:19.229Z",
"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"shortName": "Microchip"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-improper-verification-of-host-header"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.gruppotim.it/it/footer/red-team.html"
}
],
"source": {
"advisory": "PSIRT-88",
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-27T11:03:00.000Z",
"value": "Reported"
}
],
"title": "Improper verification of the Host header in TimeProvider 4100",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "It is important to note that the web interface is only available on a \nphysically separate management port and these vulnerabilities have no \nimpact on the timing service ports. For added security, users have the \noption to disable the web interface, further protecting the device from \npotential web-based exploitations.\u003cbr\u003e"
}
],
"value": "It is important to note that the web interface is only available on a \nphysically separate management port and these vulnerabilities have no \nimpact on the timing service ports. For added security, users have the \noption to disable the web interface, further protecting the device from \npotential web-based exploitations."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"assignerShortName": "Microchip",
"cveId": "CVE-2024-43683",
"datePublished": "2024-10-04T19:56:15.872Z",
"dateReserved": "2024-08-14T15:39:44.265Z",
"dateUpdated": "2024-11-01T15:59:19.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43684 (GCVE-0-2024-43684)
Vulnerability from cvelistv5
Published
2024-10-04 19:51
Modified
2025-08-29 20:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microchip | TimeProvider 4100 |
Version: 1.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:microchip:timeprovider_4100_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "timeprovider_4100_firmware",
"vendor": "microchip",
"versions": [
{
"lessThan": "2.4.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43684",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T21:24:57.843121Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T22:15:36.419Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "TimeProvider 4100",
"vendor": "Microchip",
"versions": [
{
"lessThanOrEqual": "2.4.7",
"status": "affected",
"version": "1.0",
"versionType": "firmware"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Armando Huesca Prida"
},
{
"lang": "en",
"type": "finder",
"value": "Marco Negro"
},
{
"lang": "en",
"type": "finder",
"value": "Antonio Carriero"
},
{
"lang": "en",
"type": "finder",
"value": "Vito Pistillo"
},
{
"lang": "en",
"type": "finder",
"value": "Davide Renna"
},
{
"lang": "en",
"type": "finder",
"value": "Manuel Leone"
},
{
"lang": "en",
"type": "finder",
"value": "Massimiliano Brolli"
},
{
"lang": "en",
"type": "reporter",
"value": "TIM Security Red Team Research"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).\u003cp\u003eThis issue affects TimeProvider 4100: from 1.0.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
},
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T20:11:56.019Z",
"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"shortName": "Microchip"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.gruppotim.it/it/footer/red-team.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-cross-site-request-forgery"
}
],
"source": {
"advisory": "PSIRT-87",
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-27T11:03:00.000Z",
"value": "Reported"
}
],
"title": "Cross-Site Request Forgery vulnerability in TimeProvider 4100",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "It is important to note that the web interface is only available on a \nphysically separate management port and these vulnerabilities have no \nimpact on the timing service ports. For added security, users have the \noption to disable the web interface, further protecting the device from \npotential web-based exploitations.\u003cbr\u003e"
}
],
"value": "It is important to note that the web interface is only available on a \nphysically separate management port and these vulnerabilities have no \nimpact on the timing service ports. For added security, users have the \noption to disable the web interface, further protecting the device from \npotential web-based exploitations."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"assignerShortName": "Microchip",
"cveId": "CVE-2024-43684",
"datePublished": "2024-10-04T19:51:51.926Z",
"dateReserved": "2024-08-14T15:39:44.265Z",
"dateUpdated": "2025-08-29T20:11:56.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43685 (GCVE-0-2024-43685)
Vulnerability from cvelistv5
Published
2024-10-04 19:48
Modified
2025-08-29 20:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-613 - Insufficient Session Expiration
Summary
Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microchip | TimeProvider 4100 |
Version: 1.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:microchip:timeprovider_4100_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "timeprovider_4100_firmware",
"vendor": "microchip",
"versions": [
{
"lessThan": "2.4.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T21:24:58.808883Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T22:15:46.343Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"login"
],
"product": "TimeProvider 4100",
"vendor": "Microchip",
"versions": [
{
"lessThan": "2.4.7",
"status": "affected",
"version": "1.0",
"versionType": "firmware"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Armando Huesca Prida"
},
{
"lang": "en",
"type": "finder",
"value": "Marco Negro"
},
{
"lang": "en",
"type": "finder",
"value": "Antonio Carriero"
},
{
"lang": "en",
"type": "finder",
"value": "Vito Pistillo"
},
{
"lang": "en",
"type": "finder",
"value": "Davide Renna"
},
{
"lang": "en",
"type": "finder",
"value": "Manuel Leone"
},
{
"lang": "en",
"type": "finder",
"value": "Massimiliano Brolli"
},
{
"lang": "en",
"type": "reporter",
"value": "TIM Security Red Team Research"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.\u003cp\u003eThis issue affects TimeProvider 4100: from 1.0 before 2.4.7.\u003c/p\u003e"
}
],
"value": "Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7."
}
],
"impacts": [
{
"capecId": "CAPEC-593",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-593 Session Hijacking"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T20:21:47.659Z",
"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"shortName": "Microchip"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-session-token-fixation"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.gruppotim.it/it/footer/red-team.html"
}
],
"source": {
"advisory": "PSIRT-86",
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-27T11:03:00.000Z",
"value": "Reported"
}
],
"title": "Session token fixation in TimeProvider 4100",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "It is important to note that the web interface is only available on a \nphysically separate management port and these vulnerabilities have no \nimpact on the timing service ports. For added security, users have the \noption to disable the web interface, further protecting the device from \npotential web-based exploitations.\n\n\u003cbr\u003e"
}
],
"value": "It is important to note that the web interface is only available on a \nphysically separate management port and these vulnerabilities have no \nimpact on the timing service ports. For added security, users have the \noption to disable the web interface, further protecting the device from \npotential web-based exploitations."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"assignerShortName": "Microchip",
"cveId": "CVE-2024-43685",
"datePublished": "2024-10-04T19:48:53.595Z",
"dateReserved": "2024-08-14T15:39:44.265Z",
"dateUpdated": "2025-08-29T20:21:47.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43686 (GCVE-0-2024-43686)
Vulnerability from cvelistv5
Published
2024-10-04 19:47
Modified
2024-10-07 20:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (data plot modules) allows Reflected XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microchip | TimeProvider 4100 |
Version: 1.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43686",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T21:21:44.757309Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T22:15:53.397Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"data plot"
],
"product": "TimeProvider 4100",
"vendor": "Microchip",
"versions": [
{
"lessThan": "2.4.7",
"status": "affected",
"version": "1.0",
"versionType": "firmware"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Armando Huesca Prida"
},
{
"lang": "en",
"type": "finder",
"value": "Marco Negro"
},
{
"lang": "en",
"type": "finder",
"value": "Antonio Carriero"
},
{
"lang": "en",
"type": "finder",
"value": "Vito Pistillo"
},
{
"lang": "en",
"type": "finder",
"value": "Davide Renna"
},
{
"lang": "en",
"type": "finder",
"value": "Manuel Leone"
},
{
"lang": "en",
"type": "finder",
"value": "Massimiliano Brolli"
},
{
"lang": "en",
"type": "reporter",
"value": "TIM Security Red Team Research"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in Microchip TimeProvider 4100 (data plot modules) allows Reflected XSS.\u003cp\u003eThis issue affects TimeProvider 4100: from 1.0 before 2.4.7.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in Microchip TimeProvider 4100 (data plot modules) allows Reflected XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T20:42:38.819Z",
"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"shortName": "Microchip"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-reflected-xss-vulnerability"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.gruppotim.it/it/footer/red-team.html"
}
],
"source": {
"advisory": "PSIRT-85",
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-27T11:03:00.000Z",
"value": "Reported"
}
],
"title": "Reflected XSS in TimeProvider 4100 chart component",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "It\n is important to note that the web interface is only available on a \nphysically separate management port and these vulnerabilities have no \nimpact on the timing service ports. For added security, users have the \noption to disable the web interface, further protecting the device from \npotential web-based exploitations.\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n \n\n\u003c/div\u003e"
}
],
"value": "It\n is important to note that the web interface is only available on a \nphysically separate management port and these vulnerabilities have no \nimpact on the timing service ports. For added security, users have the \noption to disable the web interface, further protecting the device from \npotential web-based exploitations."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"assignerShortName": "Microchip",
"cveId": "CVE-2024-43686",
"datePublished": "2024-10-04T19:47:06.117Z",
"dateReserved": "2024-08-14T15:39:44.265Z",
"dateUpdated": "2024-10-07T20:42:38.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9054 (GCVE-0-2024-9054)
Vulnerability from cvelistv5
Published
2024-10-04 19:42
Modified
2025-08-29 20:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microchip | TimeProvider 4100 |
Version: 1.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:microchip:timeprovider_4100_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "timeprovider_4100_firmware",
"vendor": "microchip",
"versions": [
{
"lessThan": "2.4.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9054",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T21:24:59.715765Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T22:16:03.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Configuration"
],
"product": "TimeProvider 4100",
"vendor": "Microchip",
"versions": [
{
"lessThan": "2.4.7",
"status": "affected",
"version": "1.0",
"versionType": "firmware"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Armando Huesca Prida"
},
{
"lang": "en",
"type": "finder",
"value": "Marco Negro"
},
{
"lang": "en",
"type": "finder",
"value": "Antonio Carriero"
},
{
"lang": "en",
"type": "finder",
"value": "Vito Pistillo"
},
{
"lang": "en",
"type": "finder",
"value": "Davide Renna"
},
{
"lang": "en",
"type": "finder",
"value": "Manuel Leone"
},
{
"lang": "en",
"type": "finder",
"value": "Massimiliano Brolli"
},
{
"lang": "en",
"type": "reporter",
"value": "TIM Security Red Team Research"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection.\u003cp\u003eThis issue affects TimeProvider 4100: from 1.0 before 2.4.7.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T20:24:45.480Z",
"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"shortName": "Microchip"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-rce-through-configuration-file"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.gruppotim.it/it/footer/red-team.html"
}
],
"source": {
"advisory": "PSIRT-82",
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-27T11:03:00.000Z",
"value": "Reported"
}
],
"title": "Remote code Execution inTimeProvider\u00ae 4100",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eIt is important to note that the web interface is only available on a physically separate management port, and these vulnerabilities have no impact on the timing service ports. For added security, users have the option to disable the web interface, further protecting the device from potential web-based exploits.\u003c/div\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "It is important to note that the web interface is only available on a physically separate management port, and these vulnerabilities have no impact on the timing service ports. For added security, users have the option to disable the web interface, further protecting the device from potential web-based exploits."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"assignerShortName": "Microchip",
"cveId": "CVE-2024-9054",
"datePublished": "2024-10-04T19:42:44.129Z",
"dateReserved": "2024-09-20T18:55:57.827Z",
"dateUpdated": "2025-08-29T20:24:45.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43687 (GCVE-0-2024-43687)
Vulnerability from cvelistv5
Published
2024-10-04 19:41
Modified
2025-05-23 15:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microchip | TimeProvider 4100 |
Version: 1.0 Version: 2.4.16 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43687",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T21:21:43.789883Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T22:16:09.913Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"banner config"
],
"product": "TimeProvider 4100",
"vendor": "Microchip",
"versions": [
{
"lessThan": "2.4.7",
"status": "affected",
"version": "1.0",
"versionType": "firmware"
},
{
"lessThan": "2.5",
"status": "affected",
"version": "2.4.16",
"versionType": "firmware"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Armando Huesca Prida"
},
{
"lang": "en",
"type": "finder",
"value": "Marco Negro"
},
{
"lang": "en",
"type": "finder",
"value": "Antonio Carriero"
},
{
"lang": "en",
"type": "finder",
"value": "Vito Pistillo"
},
{
"lang": "en",
"type": "finder",
"value": "Davide Renna"
},
{
"lang": "en",
"type": "finder",
"value": "Manuel Leone"
},
{
"lang": "en",
"type": "finder",
"value": "Massimiliano Brolli"
},
{
"lang": "en",
"type": "reporter",
"value": "TIM Security Red Team Research"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS).\u003cp\u003eThis issue affects TimeProvider 4100: from 1.0 before 2.4.7.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0 before 2.4.7."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "PRESENT",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:D/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T15:13:13.627Z",
"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"shortName": "Microchip"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-stored-xss-vulnerability-in-banner"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.gruppotim.it/it/footer/red-team.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Separate the access to the management port and the timing service ports into separate networks with appropriate access controls."
}
],
"value": "Separate the access to the management port and the timing service ports into separate networks with appropriate access controls."
}
],
"source": {
"advisory": "PSIRT-84",
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-27T11:03:00.000Z",
"value": "Reported"
}
],
"title": "XSS vulnerability in bannerconfig endpoint in TimeProvider 4100",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "It\n is important to note that the web interface is only available on a \nphysically separate management port and these vulnerabilities have no \nimpact on the timing service ports. For added security, users have the \noption to disable the web interface, further protecting the device from \npotential web-based exploitation.\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n \n\n\u003c/div\u003e"
}
],
"value": "It\n is important to note that the web interface is only available on a \nphysically separate management port and these vulnerabilities have no \nimpact on the timing service ports. For added security, users have the \noption to disable the web interface, further protecting the device from \npotential web-based exploitation."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"assignerShortName": "Microchip",
"cveId": "CVE-2024-43687",
"datePublished": "2024-10-04T19:41:15.354Z",
"dateReserved": "2024-08-14T15:39:44.265Z",
"dateUpdated": "2025-05-23T15:13:13.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7801 (GCVE-0-2024-7801)
Vulnerability from cvelistv5
Published
2024-10-04 19:38
Modified
2024-10-04 22:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microchip | TimeProvider 4100 |
Version: 1.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7801",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T21:21:42.790581Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T22:16:19.492Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Data plot"
],
"product": "TimeProvider 4100",
"vendor": "Microchip",
"versions": [
{
"lessThan": "2.4.7",
"status": "affected",
"version": "1.0",
"versionType": "firmware"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Armando Huesca Prida"
},
{
"lang": "en",
"type": "finder",
"value": "Marco Negro"
},
{
"lang": "en",
"type": "finder",
"value": "Antonio Carriero"
},
{
"lang": "en",
"type": "finder",
"value": "Vito Pistillo"
},
{
"lang": "en",
"type": "finder",
"value": "Davide Renna"
},
{
"lang": "en",
"type": "finder",
"value": "Manuel Leone"
},
{
"lang": "en",
"type": "finder",
"value": "Massimiliano Brolli"
},
{
"lang": "en",
"type": "reporter",
"value": "TIM Security Red Team Research"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection.\u003cp\u003eThis issue affects TimeProvider 4100: from 1.0 before 2.4.7.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T19:44:43.588Z",
"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"shortName": "Microchip"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-unathenticated-sql-injection"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.gruppotim.it/it/footer/red-team.html"
}
],
"source": {
"advisory": "PSIRT-83",
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-27T11:03:00.000Z",
"value": "Reported"
}
],
"title": "SQL injection in get_chart_data in TimeProvider 4100",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\n\u003cdiv\u003e\u003cp\u003eIt is important to note that the web interface is only available on a\n physically separate management port and these vulnerabilities have no \nimpact on the timing service ports. For added security, users have the \noption to disable the web interface, further protecting the device from \npotential web-based exploitations.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "It is important to note that the web interface is only available on a\n physically separate management port and these vulnerabilities have no \nimpact on the timing service ports. For added security, users have the \noption to disable the web interface, further protecting the device from \npotential web-based exploitations."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"assignerShortName": "Microchip",
"cveId": "CVE-2024-7801",
"datePublished": "2024-10-04T19:38:08.280Z",
"dateReserved": "2024-08-14T15:33:40.608Z",
"dateUpdated": "2024-10-04T22:16:19.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30212 (GCVE-0-2024-30212)
Vulnerability from cvelistv5
Published
2024-05-28 16:07
Modified
2025-02-13 17:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
If a SCSI READ(10) command is initiated via USB using the largest LBA
(0xFFFFFFFF) with it's default block size of 512 and a count of 1,
the first 512 byte of the 0x80000000 memory area is returned to the
user. If the block count is increased, the full RAM can be exposed.
The same method works to write to this memory area. If RAM contains
pointers, those can be - depending on the application - overwritten to
return data from any other offset including Progam and Boot Flash.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microchip | MPLAB® Harmony 3 Core Module |
Version: 3.0.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:25:03.425Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"mitigation",
"x_transferred"
],
"url": "https://github.com/Microchip-MPLAB-Harmony/core/commit/d4608a4f1a140bd899cd4337cdbfb343a4339216"
},
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://github.com/Microchip-MPLAB-Harmony/core/blob/master/release_notes.md"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Fehr-GmbH/blackleak"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:microchip:mplab_harmony:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mplab_harmony",
"vendor": "microchip",
"versions": [
{
"lessThan": "3.13.4",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30212",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T14:20:02.167062Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T17:46:22.690Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"memory"
],
"packageName": "core",
"product": "MPLAB\u00ae Harmony 3 Core Module",
"programFiles": [
"drv_memory.c.ftl"
],
"programRoutines": [
{
"name": "DRV_MEMORY_SetupXfer"
}
],
"repo": "https://github.com/Microchip-MPLAB-Harmony",
"vendor": "Microchip",
"versions": [
{
"lessThan": "3.13.4",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with it\u0027s default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned. The same applies for SCSI WRITE."
}
],
"value": "If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with it\u0027s default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned. The same applies for SCSI WRITE."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fehr GmbH"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "If a SCSI READ(10) command is initiated via USB using the largest LBA \n(0xFFFFFFFF) with it\u0027s default block size of 512 and a count of 1,\u003cbr\u003e\nthe first 512 byte of the 0x80000000 memory area is returned to the \nuser. If the block count is increased, the full RAM can be exposed.\u003cbr\u003e\nThe same method works to write to this memory area. If RAM contains \npointers, those can be - depending on the application - overwritten to\u003cbr\u003e\nreturn data from any other offset including Progam and Boot Flash.\n\n\u003cbr\u003e"
}
],
"value": "If a SCSI READ(10) command is initiated via USB using the largest LBA \n(0xFFFFFFFF) with it\u0027s default block size of 512 and a count of 1,\n\nthe first 512 byte of the 0x80000000 memory area is returned to the \nuser. If the block count is increased, the full RAM can be exposed.\n\nThe same method works to write to this memory area. If RAM contains \npointers, those can be - depending on the application - overwritten to\n\nreturn data from any other offset including Progam and Boot Flash."
}
],
"impacts": [
{
"capecId": "CAPEC-92",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-92: Forced Integer Overflow"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T11:32:35.566Z",
"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"shortName": "Microchip"
},
"references": [
{
"tags": [
"patch",
"mitigation"
],
"url": "https://github.com/Microchip-MPLAB-Harmony/core/commit/d4608a4f1a140bd899cd4337cdbfb343a4339216"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/Microchip-MPLAB-Harmony/core/blob/master/release_notes.md"
},
{
"url": "https://github.com/Fehr-GmbH/blackleak"
}
],
"source": {
"advisory": "PSIRT-34",
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2023-08-21T07:00:00.000Z",
"value": "Detected"
}
],
"title": "Microchip Harmony 3 Core library allows read and write access to RAM via a SCSI READ or WRITE command",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"assignerShortName": "Microchip",
"cveId": "CVE-2024-30212",
"datePublished": "2024-05-28T16:07:52.946Z",
"dateReserved": "2024-03-26T03:56:03.743Z",
"dateUpdated": "2025-02-13T17:47:45.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4760 (GCVE-0-2024-4760)
Vulnerability from cvelistv5
Published
2024-05-16 13:07
Modified
2025-06-06 15:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1247 - Improper Protection Against Voltage and Clock Glitches
Summary
A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM 4C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers allows access to the memory bus via the debug interface even if the security bit is set.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microchip | SAME70 |
Version: 0 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:amtel:same70:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "same70",
"vendor": "amtel",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:a:amtel:sams70:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sams70",
"vendor": "amtel",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:a:amtel:samv70:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "samv70",
"vendor": "amtel",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:a:amtel:samv71:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "samv71",
"vendor": "amtel",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4760",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T19:22:40.820250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:53:31.485Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:47:41.757Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"technical-description",
"exploit",
"x_transferred"
],
"url": "https://www.0x01team.com/hw_security/bypassing-microchip-atmel-sam-e70-s70-v70-v71-security/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SAME70",
"vendor": "Microchip",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "affected",
"product": "SAMS70",
"vendor": "Microchip",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "affected",
"product": "SAMV70",
"vendor": "Microchip",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "affected",
"product": "SAMV71",
"vendor": "Microchip",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAMG55",
"vendor": "Microchip",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAM4C",
"vendor": "Microchip",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAM4S",
"vendor": "Microchip",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAM4N",
"vendor": "Microchip",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAM4E",
"vendor": "Microchip",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAM3S",
"vendor": "Microchip",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAM3N",
"vendor": "Microchip",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAM3U",
"vendor": "Microchip",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Physical control of the VDDCore pins\u003cbr\u003e"
}
],
"value": "Physical control of the VDDCore pins"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Waleed Alzamil"
},
{
"lang": "en",
"type": "finder",
"value": "Bandar Alharbi"
},
{
"lang": "en",
"type": "finder",
"value": "Meshari Alhammadi"
}
],
"datePublic": "2024-05-16T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM\u0026nbsp;4C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers\u0026nbsp;allows access to the memory bus via the debug interface even if the security bit is set."
}
],
"value": "A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM\u00a04C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers\u00a0allows access to the memory bus via the debug interface even if the security bit is set."
}
],
"impacts": [
{
"capecId": "CAPEC-624",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-624: Hardware Fault Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1247",
"description": "CWE-1247: Improper Protection Against Voltage and Clock Glitches",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-06T15:08:03.023Z",
"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"shortName": "Microchip"
},
"references": [
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://www.0x01team.com/hw_security/bypassing-microchip-atmel-sam-e70-s70-v70-v71-security/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://ww1.microchip.com/downloads/aemDocuments/documents/MCU32/ProductDocuments/SupportingCollateral/Security-Advisory-CVE-2024-4760.pdf"
}
],
"source": {
"advisory": "PSIRT-73",
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-02-15T17:19:00.000Z",
"value": "Initial report"
},
{
"lang": "en",
"time": "2025-06-06T07:00:00.000Z",
"value": "Vendor Advisory issued"
}
],
"title": "Voltage glitch during startup of the EEFC NVM controller can bypass the security bit",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Please contact Microchip to obtain the appropriate patch for your devices, which are available as binary code\u003cbr\u003eupdates."
}
],
"value": "Please contact Microchip to obtain the appropriate patch for your devices, which are available as binary code\nupdates."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"assignerShortName": "Microchip",
"cveId": "CVE-2024-4760",
"datePublished": "2024-05-16T13:07:57.462Z",
"dateReserved": "2024-05-10T15:18:00.908Z",
"dateUpdated": "2025-06-06T15:08:03.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}