cbcvebase.

Microchip Timeprovider 4100 Firmware vulnerabilities

11 known vulnerabilities affecting microchip/timeprovider_4100_firmware.

Total CVEs
11
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH5MEDIUM5

Vulnerabilities

Page 1 of 1
CVE-2024-9054P2HIGHCVSS 8.8PoC≥ 1.0, < 2.4.72024-10-04
CVE-2024-9054 [HIGH] CWE-78 CVE-2024-9054: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
nvd
CVE-2025-47901P2HIGHCVSS 8.8fixed in 2.52025-10-20
CVE-2025-47901 [HIGH] CWE-78 CVE-2025-47901: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerabi Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5.
nvd
CVE-2025-47900P2HIGHCVSS 8.8fixed in 2.52025-10-20
CVE-2025-47900 [HIGH] CWE-78 CVE-2025-47900: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerabi Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5.
nvd
CVE-2024-7801P3MEDIUMCVSS 6.5PoC≥ 1.0, < 2.4.72024-10-04
CVE-2024-7801 [MEDIUM] CWE-89 CVE-2024-7801: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
nvd
CVE-2025-47902P3HIGHCVSS 8.8fixed in 2.52025-10-20
CVE-2025-47902 [HIGH] CWE-89 CVE-2025-47902: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5.
nvd
CVE-2024-43687P3MEDIUMCVSS 6.1PoC≥ 1.0, < 2.4.72024-10-04
CVE-2024-43687 [MEDIUM] CWE-79 CVE-2024-43687: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
nvd
CVE-2024-43685P3CRITICALCVSS 9.8≥ 1.0, < 2.4.72024-10-04
CVE-2024-43685 [CRITICAL] CWE-613 CVE-2024-43685: Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
nvd
CVE-2024-43684P3HIGHCVSS 8.8≥ 1.0, < 2.4.72024-10-04
CVE-2024-43684 [HIGH] CWE-79 CVE-2024-43684: Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Req Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0.
nvd
CVE-2024-43686P4MEDIUMCVSS 6.1≥ 1.0, < 2.4.72024-10-04
CVE-2024-43686 [MEDIUM] CWE-79 CVE-2024-43686: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (data plot modules) allows Reflected XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
nvd
CVE-2024-43683P4MEDIUMCVSS 6.1≥ 1.0, < 2.4.72024-10-04
CVE-2024-43683 [MEDIUM] CWE-601 CVE-2024-43683: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 all URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0.
nvd
CVE-2025-47904P4MEDIUMCVSS 4.1fixed in 2.52026-02-24
CVE-2025-47904 [MEDIUM] CWE-494 CVE-2025-47904: Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malici Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.
nvd
Microchip Timeprovider 4100 Firmware vulnerabilities | cvebase