Microchip Timeprovider 4100 vulnerabilities
7 known vulnerabilities affecting microchip/timeprovider_4100.
Total CVEs
7
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2024-9054P2HIGHCVSS 8.8PoC≥ 1.0, < 2.4.72024-10-04
CVE-2024-9054 [HIGH] CWE-78 CVE-2024-9054: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
nvd
CVE-2024-7801P3MEDIUMCVSS 6.5PoC≥ 1.0, < 2.4.72024-10-04
CVE-2024-7801 [MEDIUM] CWE-89 CVE-2024-7801: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
nvd
CVE-2024-43687P3MEDIUMCVSS 6.1PoC≥ 1.0, < 2.4.7≥ 2.4.16, < 2.52024-10-04
CVE-2024-43687 [MEDIUM] CWE-79 CVE-2024-43687: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
nvd
CVE-2024-43685P3CRITICALCVSS 9.8≥ 1.0, < 2.4.72024-10-04
CVE-2024-43685 [CRITICAL] CWE-613 CVE-2024-43685: Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session
Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
nvd
CVE-2024-43684P3HIGHCVSS 8.8≥ 1.0, ≤ 2.4.72024-10-04
CVE-2024-43684 [HIGH] CWE-79 CVE-2024-43684: Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Req
Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0.
nvd
CVE-2024-43686P4MEDIUMCVSS 6.1≥ 1.0, < 2.4.72024-10-04
CVE-2024-43686 [MEDIUM] CWE-79 CVE-2024-43686: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (data plot modules) allows Reflected XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
nvd
CVE-2024-43683P4MEDIUMCVSS 6.1≥ 1.0, < 2.4.72024-10-04
CVE-2024-43683 [MEDIUM] CWE-601 CVE-2024-43683: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 all
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0.
nvd