CVE-2024-7801

MEDIUM

6.5

Descricao

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.

Detalhes CVE

Pontuacao CVSS v3.16.5

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vetor de ataqueADJACENT_NETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado10/4/2024

Ultima modificacao10/17/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

microchip:timeprovider_4100microchip:timeprovider_4100_firmware

Fraquezas (CWE)

CWE-89CWE-89

Referencias

https://www.gruppotim.it/it/footer/red-team.html(dc3f6da9-85b5-4a73-84a2-2ec90b40fca5)

https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/timeprovider-4100-grandmaster-unathenticated-sql-injection(dc3f6da9-85b5-4a73-84a2-2ec90b40fca5)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.