Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-43685

Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.

Published

2024-10-04T20:15:06.830

Last Modified

2024-10-17T15:17:20.217

Status

Analyzed

Source

dc3f6da9-85b5-4a73-84a2-2ec90b40fca5

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-287
Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	microchip	timeprovider_4100_firmware	< 2.4.7	Yes
Hardware	microchip	timeprovider_4100	-	No

References

https://www.gruppotim.it/it/footer/red-team.html Third Party Advisory (dc3f6da9-85b5-4a73-84a2-2ec90b40fca5)
https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-session-token-fixation Vendor Advisory (dc3f6da9-85b5-4a73-84a2-2ec90b40fca5)