CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9054 – Remote code Execution inTimeProvider® 4100
https://notcve.org/view.php?id=CVE-2024-9054
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7. • https://www.gruppotim.it/it/footer/red-team.html https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-rce-through-configuration-file • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43687 – XSS vulnerability in bannerconfig endpoint in TimeProvider 4100
https://notcve.org/view.php?id=CVE-2024-43687
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0 before 2.4.7. • https://www.gruppotim.it/it/footer/red-team.html https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-stored-xss-vulnerability-in-banner • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7801 – SQL injection in get_chart_data in TimeProvider 4100
https://notcve.org/view.php?id=CVE-2024-7801
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7. • https://www.gruppotim.it/it/footer/red-team.html https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-unathenticated-sql-injection • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7490 – Remote Code Execution in Advanced Software Framework DHCP server
https://notcve.org/view.php?id=CVE-2024-7490
Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option. This issue affects Advanced Software Framework: through 3.52.0.2574. ASF is no longer being supported. Apply provided workaround or migrate to an actively maintained framework. • https://www.microchip.com/en-us/tools-resources/develop/libraries/advanced-software-framework • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-30212 – Microchip Harmony 3 Core library allows read and write access to RAM via a SCSI READ or WRITE command
https://notcve.org/view.php?id=CVE-2024-30212
If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with it's default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned to the user. If the block count is increased, the full RAM can be exposed. The same method works to write to this memory area. If RAM contains pointers, those can be - depending on the application - overwritten to return data from any other offset including Progam and Boot Flash. Si se inicia un comando SCSI READ(10) a través de USB utilizando el LBA más grande (0xFFFFFFFF) con su tamaño de bloque predeterminado de 512 y un recuento de 1, los primeros 512 bytes del área de memoria 0x80000000 se devuelven al usuario. Si se aumenta el número de bloques, toda la RAM puede quedar expuesta. • https://github.com/Fehr-GmbH/blackleak https://github.com/Microchip-MPLAB-Harmony/core/blob/master/release_notes.md https://github.com/Microchip-MPLAB-Harmony/core/commit/d4608a4f1a140bd899cd4337cdbfb343a4339216 • CWE-190: Integer Overflow or Wraparound •