Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
References
Link | Resource |
---|---|
https://www.gruppotim.it/it/footer/red-team.html | Exploit Third Party Advisory |
https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-rce-through-configuration-file | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
17 Oct 2024, 15:19
Type | Values Removed | Values Added |
---|---|---|
First Time |
Microchip timeprovider 4100 Firmware
Microchip timeprovider 4100 |
|
CPE | cpe:2.3:h:microchip:timeprovider_4100_grandmaster:-:*:*:*:*:*:*:* |
cpe:2.3:h:microchip:timeprovider_4100:-:*:*:*:*:*:*:* cpe:2.3:o:microchip:timeprovider_4100_firmware:*:*:*:*:*:*:*:* |
10 Oct 2024, 18:46
Type | Values Removed | Values Added |
---|---|---|
First Time |
Microchip timeprovider 4100 Grandmaster Firmware
Microchip timeprovider 4100 Grandmaster Microchip |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:o:microchip:timeprovider_4100_grandmaster_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:microchip:timeprovider_4100_grandmaster:-:*:*:*:*:*:*:* |
|
References | () https://www.gruppotim.it/it/footer/red-team.html - Exploit, Third Party Advisory | |
References | () https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-rce-through-configuration-file - Vendor Advisory |
07 Oct 2024, 17:48
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
04 Oct 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-04 20:15
Updated : 2024-10-17 15:19
NVD link : CVE-2024-9054
Mitre link : CVE-2024-9054
CVE.ORG link : CVE-2024-9054
JSON object : View
Products Affected
microchip
- timeprovider_4100
- timeprovider_4100_firmware