CVE-2024-9054

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:microchip:timeprovider_4100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:microchip:timeprovider_4100:-:*:*:*:*:*:*:*

History

17 Oct 2024, 15:19

Type Values Removed Values Added
First Time Microchip timeprovider 4100 Firmware
Microchip timeprovider 4100
CPE cpe:2.3:o:microchip:timeprovider_4100_grandmaster_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:microchip:timeprovider_4100_grandmaster:-:*:*:*:*:*:*:*
cpe:2.3:h:microchip:timeprovider_4100:-:*:*:*:*:*:*:*
cpe:2.3:o:microchip:timeprovider_4100_firmware:*:*:*:*:*:*:*:*

10 Oct 2024, 18:46

Type Values Removed Values Added
First Time Microchip timeprovider 4100 Grandmaster Firmware
Microchip timeprovider 4100 Grandmaster
Microchip
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CPE cpe:2.3:o:microchip:timeprovider_4100_grandmaster_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:microchip:timeprovider_4100_grandmaster:-:*:*:*:*:*:*:*
References () https://www.gruppotim.it/it/footer/red-team.html - () https://www.gruppotim.it/it/footer/red-team.html - Exploit, Third Party Advisory
References () https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-rce-through-configuration-file - () https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-rce-through-configuration-file - Vendor Advisory

07 Oct 2024, 17:48

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de Neutralización Inadecuada de Elementos Especiales utilizados en un Comando del SO ('Inyección de Comando del SO'), Exposición de Información Sensible a un Actor No Autorizado en Microchip TimeProvider 4100 (módulos de configuración) permite la Inyección de Comandos. Este problema afecta a TimeProvider 4100: desde 1.0 hasta 2.4.7.

04 Oct 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-04 20:15

Updated : 2024-10-17 15:19


NVD link : CVE-2024-9054

Mitre link : CVE-2024-9054

CVE.ORG link : CVE-2024-9054


JSON object : View

Products Affected

microchip

  • timeprovider_4100
  • timeprovider_4100_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor