CVE-2024-7801

MEDIUM

6.5

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.

Details CVE

Score CVSS v3.16.5

SeveriteMEDIUM

Vecteur CVSSCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vecteur d'attaqueADJACENT_NETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie10/4/2024

Derniere modification10/17/2024

Sourcenvd

Observations honeypot0

Produits affectes

microchip:timeprovider_4100microchip:timeprovider_4100_firmware

Faiblesses (CWE)

CWE-89CWE-89

References

https://www.gruppotim.it/it/footer/red-team.html(dc3f6da9-85b5-4a73-84a2-2ec90b40fca5)

https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-unathenticated-sql-injection(dc3f6da9-85b5-4a73-84a2-2ec90b40fca5)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.