419 matches found
📄 Microchip TimeProvider 4100 Grandmaster 2.4.6 Cross Site Scripting
Microchip TimeProvider 4100 Grandmaster version 2.4.6 suffers from a persistent cross site scripting vulnerability. Exploit Title: Microchip TimeProvider 4100 Grandmaster banner - Stored XSS Exploit Author: Armando Huesca Prida Discovered By: Armando Huesca Prida, Marco Negro, Antonio Carriero,...
Microchip TimeProvider 4100 Grandmaster (Banner Config Modules) 2.4.6 - Stored Cross-Site Scripting (XSS)
Exploit Title: Microchip TimeProvider 4100 Grandmaster Banner Config Modules 2.4.6 - Stored Cross-Site Scripting XSS Exploit Author: Armando Huesca Prida Discovered By: Armando Huesca Prida, Marco Negro, Antonio Carriero, Vito Pistillo, Davide Renna, Manuel Leone, Massimiliano Brolli Date of...
CVE-2024-32741
A vulnerability has been identified in SIMATIC CN 4100 All versions V3.0. The affected device contains hard coded password which is used for the privileged system user root and for the boot loader GRUB by default . An attacker who manages to crack the password hash gains root access to the device...
CVE-2024-32742
A vulnerability has been identified in SIMATIC CN 4100 All versions V3.0. The affected device contains an unrestricted USB port. An attacker with local access to the device could potentially misuse the port for booting another operating system and gain complete read/write access to the filesystem...
CVE-2024-32740
A vulnerability has been identified in SIMATIC CN 4100 All versions V3.0. The affected device contains undocumented users and credentials. An attacker could misuse the credentials to compromise the device locally or over the network...
CVE-2024-9054
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection', Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 Configuration modules allows Command Injection.This issue affects TimeProvider 4100: from 1.0 before...
CVE-2024-7801
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Microchip TimeProvider 4100 Data plot modules allows SQL Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...
CVE-2024-9054
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection', Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 Configuration modules allows Command Injection.This issue affects TimeProvider 4100: from 1.0 before...
CVE-2024-43687
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Microchip TimeProvider 4100 banner config modules allows Cross-Site Scripting XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...
CVE-2024-43687
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Microchip TimeProvider 4100 banner config modules allows Cross-Site Scripting XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...
CVE-2024-7801
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Microchip TimeProvider 4100 Data plot modules allows SQL Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...
CVE-2024-43685
Improper Authentication vulnerability in Microchip TimeProvider 4100 login modules allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...
CVE-2024-43683
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0...
CVE-2024-43683
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0...
CVE-2024-43686
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Microchip TimeProvider 4100 data plot modules allows Reflected XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...
CVE-2024-43684
Cross-Site Request Forgery CSRF vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting XSS.This issue affects TimeProvider 4100: from 1.0...
CVE-2024-43685
Improper Authentication vulnerability in Microchip TimeProvider 4100 login modules allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...
CVE-2024-43686
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Microchip TimeProvider 4100 data plot modules allows Reflected XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...
CVE-2024-43684
Cross-Site Request Forgery CSRF vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting XSS.This issue affects TimeProvider 4100: from 1.0...
CVE-2024-43683 Improper verification of the Host header in TimeProvider 4100
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0...