Vulnerabilities > Microchip > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-04 | CVE-2024-43684 | Cross-Site Request Forgery (CSRF) vulnerability in Microchip Timeprovider 4100 Firmware Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0. | 8.8 |
| 2024-10-04 | CVE-2024-9054 | OS Command Injection vulnerability in Microchip Timeprovider 4100 Firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7. | 8.8 |
| 2022-12-19 | CVE-2022-46399 | Unspecified vulnerability in Microchip products The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with ConReqTimeoutZero. high complexity microchip | 7.5 |
| 2022-12-19 | CVE-2022-46403 | Unspecified vulnerability in Microchip products The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) mishandles reject messages. | 8.6 |
| 2021-08-05 | CVE-2021-37604 | Always-Incorrect Control Flow Implementation vulnerability in Microchip Miwi 6.5 In version 6.5 of Microchip MiWi software and all previous versions including legacy products, there is a possibility of frame counters being validated/updated prior to the message authentication. | 7.5 |
| 2021-08-05 | CVE-2021-37605 | Always-Incorrect Control Flow Implementation vulnerability in Microchip Miwi 6.5 In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes. | 7.5 |
| 2020-09-14 | CVE-2020-12789 | Use of Hard-coded Credentials vulnerability in Microchip products The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets. | 7.5 |
| 2020-09-14 | CVE-2020-12788 | Information Exposure Through Discrepancy vulnerability in Microchip products CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks. | 7.5 |
| 2020-09-14 | CVE-2020-12787 | Unspecified vulnerability in Microchip products Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling. | 7.5 |
| 2020-02-17 | CVE-2020-9034 | Unspecified vulnerability in Microchip products Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users. | 7.5 |