Vulnerabilities > Microchip > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-04 CVE-2024-43684 Cross-Site Request Forgery (CSRF) vulnerability in Microchip Timeprovider 4100 Firmware
Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0.
network
low complexity
microchip CWE-352
8.8
2024-10-04 CVE-2024-9054 OS Command Injection vulnerability in Microchip Timeprovider 4100 Firmware
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
network
low complexity
microchip CWE-78
8.8
2022-12-19 CVE-2022-46399 Unspecified vulnerability in Microchip products
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with ConReqTimeoutZero.
high complexity
microchip
7.5
2022-12-19 CVE-2022-46403 Unspecified vulnerability in Microchip products
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) mishandles reject messages.
network
low complexity
microchip
8.6
2021-08-05 CVE-2021-37604 Always-Incorrect Control Flow Implementation vulnerability in Microchip Miwi 6.5
In version 6.5 of Microchip MiWi software and all previous versions including legacy products, there is a possibility of frame counters being validated/updated prior to the message authentication.
network
low complexity
microchip CWE-670
7.5
2021-08-05 CVE-2021-37605 Always-Incorrect Control Flow Implementation vulnerability in Microchip Miwi 6.5
In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes.
network
low complexity
microchip CWE-670
7.5
2020-09-14 CVE-2020-12789 Use of Hard-coded Credentials vulnerability in Microchip products
The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets.
network
low complexity
microchip CWE-798
7.5
2020-09-14 CVE-2020-12788 Information Exposure Through Discrepancy vulnerability in Microchip products
CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks.
network
low complexity
microchip CWE-203
7.5
2020-09-14 CVE-2020-12787 Unspecified vulnerability in Microchip products
Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling.
network
low complexity
microchip
7.5
2020-02-17 CVE-2020-9034 Unspecified vulnerability in Microchip products
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users.
network
low complexity
microchip
7.5