Lucene search
K

419 matches found

Packet Storm
Packet Storm
added 2025/04/04 12:0 a.m.255 views

📄 Microchip TimeProvider 4100 Grandmaster 2.4.6 Cross Site Scripting

Microchip TimeProvider 4100 Grandmaster version 2.4.6 suffers from a persistent cross site scripting vulnerability. Exploit Title: Microchip TimeProvider 4100 Grandmaster banner - Stored XSS Exploit Author: Armando Huesca Prida Discovered By: Armando Huesca Prida, Marco Negro, Antonio Carriero,...

7.7CVSS6.4AI score0.00786EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/04 12:0 a.m.311 views

Microchip TimeProvider 4100 Grandmaster (Banner Config Modules) 2.4.6 - Stored Cross-Site Scripting (XSS)

Exploit Title: Microchip TimeProvider 4100 Grandmaster Banner Config Modules 2.4.6 - Stored Cross-Site Scripting XSS Exploit Author: Armando Huesca Prida Discovered By: Armando Huesca Prida, Marco Negro, Antonio Carriero, Vito Pistillo, Davide Renna, Manuel Leone, Massimiliano Brolli Date of...

7.7CVSS6.4AI score0.00786EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/02/05 7:5 a.m.8 views

CVE-2024-32741

A vulnerability has been identified in SIMATIC CN 4100 All versions V3.0. The affected device contains hard coded password which is used for the privileged system user root and for the boot loader GRUB by default . An attacker who manages to crack the password hash gains root access to the device...

10CVSS6.9AI score0.00629EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:59 a.m.7 views

CVE-2024-32742

A vulnerability has been identified in SIMATIC CN 4100 All versions V3.0. The affected device contains an unrestricted USB port. An attacker with local access to the device could potentially misuse the port for booting another operating system and gain complete read/write access to the filesystem...

7.6CVSS6.8AI score0.00394EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:54 a.m.5 views

CVE-2024-32740

A vulnerability has been identified in SIMATIC CN 4100 All versions V3.0. The affected device contains undocumented users and credentials. An attacker could misuse the credentials to compromise the device locally or over the network...

9.8CVSS6.7AI score0.00703EPSS
Exploits0References1
NVD
NVD
added 2024/10/04 8:15 p.m.66 views

CVE-2024-9054

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection', Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 Configuration modules allows Command Injection.This issue affects TimeProvider 4100: from 1.0 before...

8.8CVSS0.1501EPSS
Exploits3References2
NVD
NVD
added 2024/10/04 8:15 p.m.35 views

CVE-2024-7801

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Microchip TimeProvider 4100 Data plot modules allows SQL Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...

6.5CVSS0.00843EPSS
Exploits2References2
OSV
OSV
added 2024/10/04 8:15 p.m.3 views

CVE-2024-9054

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection', Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 Configuration modules allows Command Injection.This issue affects TimeProvider 4100: from 1.0 before...

8.8CVSS5.8AI score0.1501EPSS
Exploits3References2
OSV
OSV
added 2024/10/04 8:15 p.m.4 views

CVE-2024-43687

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Microchip TimeProvider 4100 banner config modules allows Cross-Site Scripting XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...

6.1CVSS5.8AI score0.00786EPSS
Exploits3References2
NVD
NVD
added 2024/10/04 8:15 p.m.40 views

CVE-2024-43687

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Microchip TimeProvider 4100 banner config modules allows Cross-Site Scripting XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...

7.7CVSS0.00786EPSS
Exploits3References2
OSV
OSV
added 2024/10/04 8:15 p.m.4 views

CVE-2024-7801

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Microchip TimeProvider 4100 Data plot modules allows SQL Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...

6.5CVSS5.8AI score0.00843EPSS
Exploits2References2
NVD
NVD
added 2024/10/04 8:15 p.m.20 views

CVE-2024-43685

Improper Authentication vulnerability in Microchip TimeProvider 4100 login modules allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...

9.8CVSS0.0044EPSS
Exploits0References2
NVD
NVD
added 2024/10/04 8:15 p.m.29 views

CVE-2024-43683

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0...

8.7CVSS0.00211EPSS
Exploits0References2
OSV
OSV
added 2024/10/04 8:15 p.m.3 views

CVE-2024-43683

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0...

6.1CVSS5.8AI score0.00211EPSS
Exploits0References2
OSV
OSV
added 2024/10/04 8:15 p.m.4 views

CVE-2024-43686

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Microchip TimeProvider 4100 data plot modules allows Reflected XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...

6.1CVSS5.8AI score0.11528EPSS
Exploits0References2
OSV
OSV
added 2024/10/04 8:15 p.m.4 views

CVE-2024-43684

Cross-Site Request Forgery CSRF vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting XSS.This issue affects TimeProvider 4100: from 1.0...

8.8CVSS5.8AI score0.00194EPSS
Exploits0References2
OSV
OSV
added 2024/10/04 8:15 p.m.7 views

CVE-2024-43685

Improper Authentication vulnerability in Microchip TimeProvider 4100 login modules allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...

9.8CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2024/10/04 8:15 p.m.19 views

CVE-2024-43686

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Microchip TimeProvider 4100 data plot modules allows Reflected XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...

6.1CVSS0.11528EPSS
Exploits0References2
NVD
NVD
added 2024/10/04 8:15 p.m.26 views

CVE-2024-43684

Cross-Site Request Forgery CSRF vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting XSS.This issue affects TimeProvider 4100: from 1.0...

8.8CVSS0.00194EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/04 7:56 p.m.12 views

CVE-2024-43683 Improper verification of the Host header in TimeProvider 4100

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0...

8.7CVSS6.1AI score0.00211EPSS
Exploits0References2
Rows per page
Query Builder