Products
Microchip TimeProvider 4100 (Configuration modules)
- 1.0 before 2.4.7
Source
dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
Tags
CVE-2024-9054 details
Published : Oct. 4, 2024, 8:15 p.m.
Last Modified : Oct. 4, 2024, 8:15 p.m.
Last Modified : Oct. 4, 2024, 8:15 p.m.
Description
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
References
| URL | Source |
|---|---|
| https://www.gruppotim.it/it/footer/red-team.html | dc3f6da9-85b5-4a73-84a2-2ec90b40fca5 |
| https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-rce-through-configuration-file | dc3f6da9-85b5-4a73-84a2-2ec90b40fca5 |
This website uses the NVD API, but is not approved or certified by it.