563 matches found
CVE-2024-43684
Microchip TimeProvider 4100 is affected by a CSRF vulnerability (also enabling XSS). Affected: TimeProvider 4100, versions 1.0 and later. Root cause: CSRF/XSS issues on the device allow unauthorized actions. Impact: high in both confidentiality and integrity; availability also at risk per CVSS da...
CVE-2024-43685 Session token fixation in TimeProvider 4100
Improper Authentication vulnerability in Microchip TimeProvider 4100 login modules allows Session Hijacking. This issue affects TimeProvider 4100: from 1.0 before 2.4.7...
CVE-2024-43685
The CVE-2024-43685 issue affects Microchip TimeProvider 4100 login modules (versions 1.0 through 2.4.7). Root cause is improper authentication, enabling session hijacking. Affected product: TimeProvider 4100. Impact is session hijacking risk due to inadequate authentication in login modules. Reme...
CVE-2024-43686
CVE-2024-43686 affects Microchip TimeProvider 4100 data plot modules. Vulnerable in TimeProvider 4100 versions 1.0 through before 2.4.7; condition is improper neutralization of input during web page generation, resulting in reflected XSS. Connected sources specify an affected product scope and th...
CVE-2024-9054 Remote code Execution in TimeProvider® 4100
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection', Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 Configuration modules allows Command Injection. This issue affects TimeProvider 4100: from 1.0 before...
EUVD-2024-49694
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection', Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 Configuration modules allows Command Injection. This issue affects TimeProvider 4100: from 1.0 before...
CVE-2024-9054
CVE-2024-9054 describes an OS command injection in Microchip TimeProvider 4100 (Configuration modules). Affected firmware versions range from 1.0 up to before 2.4.7 (i.e., 1.0–2.4.6, with 2.4.7 and later fixed). Root cause: improper neutralization of special elements in OS commands used by the co...
CVE-2024-43687
The CVE-2024-43687 entry concerns Microchip TimeProvider 4100 banner config modules and an XSS flaw caused by improper input neutralization during web page generation. Affected versions are 1.0 through 2.4.6 (TimeProvider 4100), with the advisory noting versions up to 2.4.7 fixed. Impact is Cro...
CVE-2024-7801 SQL injection in get_chart_data in TimeProvider 4100
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Microchip TimeProvider 4100 Data plot modules allows SQL Injection. This issue affects TimeProvider 4100: from 1.0 before 2.4.7...
CVE-2024-7801
CVE-2024-7801 affects Microchip TimeProvider 4100 Grandmaster/Data plot modules. Public records indicate an SQL injection in get_chart_data affecting TimeProvider 4100 from firmware 1.0 up to but not including 2.4.7, with remediation to upgrade to 2.4.7 or later. Exploit-DB documents a test explo...
PT-2024-30611 · Microchip · Microchip Timeprovider 4100
Name of the Vulnerable Software and Affected Versions: Microchip TimeProvider 4100 versions 1.0 and later Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that also allows Cross-Site Scripting XSS. This vulnerability affects the Microchip TimeProvider 4100, allowing for...
PT-2024-30613 · Microchip · Timeprovider 4100
Name of the Vulnerable Software and Affected Versions: Microchip TimeProvider 4100 versions 1.0 through 2.4.7 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS attacks. The...
Microchip TimeProvider 4100 Cross-Site Request Forgery Vulnerability
Microchip TimeProvider 4100 is a gateway clock from Microchip, Inc. A security vulnerability exists in Microchip TimeProvider 4100 that stems from susceptibility to cross-site request forgery and cross-site scripting attacks...
Microchip TimeProvider 4100 Security Vulnerability
Microchip TimeProvider 4100 is a gateway clock from Microchip, Inc. A security vulnerability exists in Microchip TimeProvider 4100 versions prior to 2.4.7, which stems from improper neutralization of a special element, resulting in SQL injection...
Microchip TimeProvider 4100 Security Vulnerability
Microchip TimeProvider 4100 is a gateway clock from Microchip, Inc. A security vulnerability exists in Microchip TimeProvider 4100 versions prior to 2.4.7, which arises from improper input neutralization during web page generation and is susceptible to cross-site scripting attacks...
Microchip TimeProvider 4100 Authorization Issue Vulnerability
Microchip TimeProvider 4100 is a gateway clock from Microchip, Inc. A security vulnerability exists in Microchip TimeProvider 4100 versions prior to 2.4.7 that stems from improper authentication and could lead to session hijacking...