Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-7801

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.

Published

2024-10-04T20:15:07.440

Last Modified

2024-10-17T15:19:27.053

Status

Analyzed

Source

dc3f6da9-85b5-4a73-84a2-2ec90b40fca5

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-89
Type: Primary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	microchip	timeprovider_4100_firmware	< 2.4.7	Yes
Hardware	microchip	timeprovider_4100	-	No

References

https://www.gruppotim.it/it/footer/red-team.html Exploit, Third Party Advisory (dc3f6da9-85b5-4a73-84a2-2ec90b40fca5)
https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-unathenticated-sql-injection Vendor Advisory (dc3f6da9-85b5-4a73-84a2-2ec90b40fca5)