Lucene search

K

Microchip Security Vulnerabilities

cve
cve

CVE-2024-4760

A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71 microcontrollers allows access to the memory bus via the debug interface even if the security bit is...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-16 01:15 PM
26
cve
cve

CVE-2024-30212

If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with it's default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned to the user. If the block count is increased, the full RAM can be exposed. The same method works...

6.9AI Score

0.0004EPSS

2024-05-28 04:15 PM
30
cve
cve

CVE-2024-22216

In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064...

10CVSS

9AI Score

0.001EPSS

2024-01-08 07:15 AM
8
cve
cve

CVE-2023-51438

A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26...

10CVSS

9.2AI Score

0.001EPSS

2024-01-09 10:15 AM
18
cve
cve

CVE-2023-23588

A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC84...

6.3CVSS

6AI Score

0.0004EPSS

2023-04-11 10:15 AM
20
cve
cve

CVE-2020-27636

In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly...

9.1CVSS

9.1AI Score

0.001EPSS

2023-10-10 05:15 PM
5
cve
cve

CVE-2022-46399

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with...

7.5CVSS

7.5AI Score

0.001EPSS

2022-12-19 11:15 PM
40
cve
cve

CVE-2022-46400

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) allows attackers to bypass passkey entry in legacy...

5.4CVSS

5.5AI Score

0.001EPSS

2022-12-19 11:15 PM
26
cve
cve

CVE-2022-45190

An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can bypass passkey entry in the legacy pairing of the...

5.3CVSS

5.3AI Score

0.0004EPSS

2023-02-08 12:15 AM
25
cve
cve

CVE-2022-40480

Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was discovered to contain an issue which allows attackers to cause a Denial of Service (DoS) via a crafted ConReq...

6.5CVSS

6.3AI Score

0.0004EPSS

2023-02-08 12:15 AM
23
cve
cve

CVE-2022-40022

Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection...

9.8CVSS

9.7AI Score

0.791EPSS

2023-02-13 03:15 PM
27
cve
cve

CVE-2022-45192

An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause...

6.5CVSS

6.4AI Score

0.0004EPSS

2023-02-08 12:15 AM
32
cve
cve

CVE-2022-45191

An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong...

6.5CVSS

6.4AI Score

0.0004EPSS

2023-02-08 12:15 AM
27
cve
cve

CVE-2022-46401

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PauseEncReqPlainText before pairing is...

5.4CVSS

5.5AI Score

0.001EPSS

2022-12-19 11:15 PM
32
cve
cve

CVE-2022-46403

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) mishandles reject...

8.6CVSS

8.5AI Score

0.001EPSS

2022-12-19 11:15 PM
25
cve
cve

CVE-2022-46402

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PairCon_rmSend with incorrect...

6.5CVSS

6.5AI Score

0.001EPSS

2022-12-19 11:15 PM
20
cve
cve

CVE-2021-37605

In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC)...

7.5CVSS

7.7AI Score

0.002EPSS

2021-08-05 04:15 PM
29
4
cve
cve

CVE-2021-37604

In version 6.5 of Microchip MiWi software and all previous versions including legacy products, there is a possibility of frame counters being validated/updated prior to the message authentication. With this vulnerability in place, an attacker may increment the incoming frame counter values by...

7.5CVSS

7.4AI Score

0.002EPSS

2021-08-05 04:15 PM
25
4
cve
cve

CVE-2020-20950

Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable.....

5.9CVSS

5.5AI Score

0.003EPSS

2021-01-19 01:15 PM
22
3
cve
cve

CVE-2020-17441

An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 headers does not validate whether the IPv6 payload length field is equal to the actual size of the payload, which leads to an Out-of-Bounds read during the ICMPv6 checksum calculation, resulting in either Denial-of-Service.....

9.1CVSS

9.2AI Score

0.003EPSS

2020-12-11 11:15 PM
38
cve
cve

CVE-2019-16128

Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 1 of...

6.8CVSS

6.6AI Score

0.002EPSS

2020-10-22 08:15 PM
19
cve
cve

CVE-2019-16129

Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 2 of...

6.8CVSS

6.6AI Score

0.002EPSS

2020-10-22 07:15 PM
16
cve
cve

CVE-2019-16127

Atmel Advanced Software Framework (ASF) 4 has an Integer...

9.1CVSS

9.1AI Score

0.003EPSS

2020-10-22 07:15 PM
15
cve
cve

CVE-2020-12788

CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis...

7.5CVSS

7.5AI Score

0.002EPSS

2020-09-14 02:15 PM
15
cve
cve

CVE-2020-12789

The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure...

7.5CVSS

7.4AI Score

0.002EPSS

2020-09-14 02:15 PM
23
1
cve
cve

CVE-2020-12787

Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet...

7.5CVSS

7.4AI Score

0.001EPSS

2020-09-14 02:15 PM
18
1
cve
cve

CVE-2020-9031

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to...

6.5CVSS

6.5AI Score

0.001EPSS

2020-02-17 04:15 AM
87
cve
cve

CVE-2020-9029

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to...

6.5CVSS

6.5AI Score

0.001EPSS

2020-02-17 04:15 AM
81
cve
cve

CVE-2020-9028

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new...

6.1CVSS

6AI Score

0.001EPSS

2020-02-17 04:15 AM
76
cve
cve

CVE-2020-9032

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to...

6.5CVSS

6.5AI Score

0.001EPSS

2020-02-17 04:15 AM
75
cve
cve

CVE-2020-9033

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to...

6.5CVSS

6.5AI Score

0.001EPSS

2020-02-17 04:15 AM
79
cve
cve

CVE-2020-9030

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the...

6.5CVSS

6.5AI Score

0.001EPSS

2020-02-17 04:15 AM
81
cve
cve

CVE-2020-9034

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of...

7.5CVSS

7.6AI Score

0.001EPSS

2020-02-17 03:15 AM
82
cve
cve

CVE-2019-19195

The Bluetooth Low Energy implementation on Microchip Technology BluSDK Smart through 6.2 for ATSAMB11 devices does not properly restrict link-layer data length on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted...

6.5CVSS

6.5AI Score

0.001EPSS

2020-02-10 09:51 PM
38
cve
cve

CVE-2019-15809

Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private...

4.7CVSS

4.6AI Score

0.0004EPSS

2019-10-03 02:15 PM
44
4
cve
cve

CVE-2009-1674

Stack-based buffer overflow in Microchip MPLAB IDE 8.30 allows user-assisted remote attackers to execute arbitrary code via a long .cof pathname in a [TOOL_SETTINGS] section in a .mcp file, possibly a related issue to...

8.4AI Score

0.061EPSS

2009-05-18 06:30 PM
21
cve
cve

CVE-2009-1608

Multiple buffer overflows in Microchip MPLAB IDE 8.30 and possibly earlier versions allow user-assisted remote attackers to execute arbitrary code via a .MCP project file with long (1) FILE_INFO, (2) CAT_FILTERS, and possibly other...

8AI Score

0.061EPSS

2009-05-11 08:00 PM
26
cve
cve

CVE-2006-2482

Heap-based buffer overflow in the TZipTV component in (1) ZipTV for Delphi 7 2006.1.26 and for C++ Builder 2006-1.16, (2) PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221, and possibly other products, allows user-assisted attackers to execute arbitrary code via an ARJ archive with a long header....

7.8AI Score

0.022EPSS

2006-09-08 09:04 PM
17