CVE-2024-4760 – Voltage glitch during startup of the EEFC NVM controller can bypass the security bit
https://notcve.org/view.php?id=CVE-2024-4760
A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71 microcontrollers allows access to the memory bus via the debug interface even if the security bit is set. • https://www.0x01team.com/hw_security/bypassing-microchip-atmel-sam-e70-s70-v70-v71-security • CWE-1247: Improper Protection Against Voltage and Clock Glitches •
CVE-2023-51438
https://notcve.org/view.php?id=CVE-2023-51438
A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows). In default installations of maxView Storage Manager where Redfish® server is configured for remote system management, a vulnerability has been identified that can provide unauthorized access. Se ha identificado una vulnerabilidad en SIMATIC IPC1047E (todas las versiones con maxView Storage Manager < V4.14.00.26068 en Windows), SIMATIC IPC647E (todas las versiones con maxView Storage Manager < V4.14.00.26068 en Windows), SIMATIC IPC847E (todas las versiones con maxView Storage Manager < V4.14.00.26068 en Windows). En instalaciones predeterminadas de maxView Storage Manager donde el servidor Redfish® está configurado para la administración remota del sistema, se ha identificado una vulnerabilidad que puede proporcionar acceso no autorizado. • https://cert-portal.siemens.com/productcert/pdf/ssa-702935.pdf • CWE-20: Improper Input Validation •
CVE-2024-22216
https://notcve.org/view.php?id=CVE-2024-22216
In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 (except for the patched versions 3.07.23980 and 4.07.00.25339). En las instalaciones predeterminadas de Microchip maxView Storage Manager (para Adaptec Smart Storage Controllers) donde el servidor Redfish está configurado para la administración remota del sistema, puede ocurrir acceso no autorizado, con modificación de datos y divulgación de información. Esto afecta desde 3.00.23484 hasta 4.14.00.26064 (excepto las versiones parcheadas 3.07.23980 y 4.07.00.25339). • https://www.microchip.com/en-us/solutions/embedded-security/how-to-report-potential-product-security-vulnerabilities/maxview-storage-manager-redfish-server-vulnerability •
CVE-2020-27636
https://notcve.org/view.php?id=CVE-2020-27636
In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random. En Microchip MPLAB Net 3.6.1, los ISN de TCP son incorrectamente aleatorios. • https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01 https://www.forescout.com https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks • CWE-330: Use of Insufficiently Random Values •
CVE-2023-23588
https://notcve.org/view.php?id=CVE-2023-23588
A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application. A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit. • https://cert-portal.siemens.com/productcert/pdf/ssa-511182.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-295: Improper Certificate Validation •