MidnightBSD

Advisories for microchip

CVE-2019-15809 LOW

Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because the Atmel Toolbox 00.03.11.05 contains two versions of ECDSA signature functions, described as fast and secure, but the affected cards chose to use the fast version, which leaks the bit length of the random nonce via timing. This affects Athena IDProtect 010b.0352.0005, Athena IDProtect 010e.1245.0002, Athena IDProtect 0106.0130.0401, Athena IDProtect 010e.1245.0002, Valid S/A IDflex V 010b.0352.0005, SafeNet eToken 4300 010e.1245.0002, TecSec Armored Card 010e.0264.0001, and TecSec Armored Card 108.0264.0001.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.0 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-203,

Products Affected

Vendor Product Version
cryptsoft s/a_idflex_v 010b.0352.0005
athena-scs idprotect 010b.0352.0005
microchip atmel_toolbox 00.03.11.05
tecsec armored_card 010e.0264.0001
athena-scs idprotect 0106.0130.0401
tecsec armored_card 108.0264.0001
thalesgroup etoken_4300 010e.1245.0002
athena-scs idprotect 010e.1245.0002
CVE-2019-16127 MEDIUM

Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
microchip advanced_software_framework_4 -
CVE-2019-16128 MEDIUM

Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 1 of 2).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
microchip cryptoauthlib *
CVE-2019-16129 MEDIUM

Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 2 of 2).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
microchip cryptoauthlib *
CVE-2019-19195 MEDIUM

The Bluetooth Low Energy implementation on Microchip Technology BluSDK Smart through 6.2 for ATSAMB11 devices does not properly restrict link-layer data length on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
microchip atmsamb11_blusdk_smart *
CVE-2020-12787 MEDIUM

Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
microchip atsama5d41a-cu_firmware -
microchip atsama5d24c-cur_firmware -
microchip atsama5d28c-d1g-cur_firmware -
microchip atsama5d42b-cu_firmware -
microchip atsama5d27c-ld1g-cur_firmware -
microchip atsama5d21c-cu_firmware -
microchip atsama5d34a-cu_firmware -
microchip atsama5d35a-cu_firmware -
microchip atsama5d22c-cur_firmware -
microchip atsama5d28c-ld2g-cu_firmware -
microchip atsama5d33a-cu_firmware -
microchip atsama5d24c-cuf_firmware -
microchip atsama5d44a-cu_firmware -
microchip atsama5d28c-cn_firmware -
microchip atsama5d36a-cn_firmware -
microchip atsama5d41b-cu_firmware -
microchip atsama5d43a-cur_firmware -
microchip atsama5d28c-cnr_firmware -
microchip atsama5d22c-cn_firmware -
microchip atsama5d27c-ld2g-cu_firmware -
microchip atsama5d23c-cu_firmware -
microchip atsama5d28c-d1g-cu_firmware -
microchip atsama5d34a-cur_firmware -
microchip atsama5d27c-d1g-cur_firmware -
microchip atsama5d27c-cnrvao_firmware -
microchip atsama5d28c-ld2g-cur_firmware -
microchip atsama5d27c-cur_firmware -
microchip atsama5d35a-cur_firmware -
microchip atsama5d42a-cur_firmware -
microchip atsama5d31a-cfu_firmware -
microchip atsama5d22c-cu_firmware -
microchip atsama5d43a-cu_firmware -
microchip atsama5d26c-cn_firmware -
microchip atsama5d27c-cnr_firmware -
microchip atsama5d35a-cn_firmware -
microchip atsama5d26c-cu_firmware -
microchip atsama5d33a-cur_firmware -
microchip atsama5d43b-cu_firmware -
microchip atsama5d27-som1_firmware -
microchip atsama5d42b-cur_firmware -
microchip atsama5d23c-cn_firmware -
microchip atsama5d36a-cnr_firmware -
microchip atsama5d28c-cur_firmware -
microchip atsama5d26c-cnr_firmware -
microchip atsama5d31a-cur_firmware -
microchip atsama5d27c-cu_firmware -
microchip atsama5d27c-d1g-cu_firmware -
microchip atsama5d28c-ld1g-cur_firmware -
microchip atsama5d27-wlsom1_firmware -
microchip atsama5d43b-cur_firmware -
microchip atsama5d27c-cn_firmware -
microchip atsama5d36a-cur_firmware -
microchip atsama5d41b-cur_firmware -
microchip atsama5d225c-d1m-cur_firmware -
microchip atsama5d26c-cur_firmware -
microchip atsama5d23c-cur_firmware -
microchip atsama5d21c-cur_firmware -
microchip atsama5d24c-cu_firmware -
microchip atsama5d44a-cur_firmware -
microchip atsama5d27c-d5m-cur_firmware -
microchip atsama5d44b-cu_firmware -
microchip atsama5d27c-ld2g-cur_firmware -
microchip atsama5d28c-cu_firmware -
microchip atsama5d31a-cu_firmware -
microchip atsama5d31a-cfur_firmware -
microchip atsama5d27c-d5m-cu_firmware -
microchip atsama5d22c-cnr_firmware -
microchip atsama5d42a-cu_firmware -
microchip atsama5d36a-cu_firmware -
microchip atsama5d35a-cnr_firmware -
microchip atsama5d23c-cnr_firmware -
microchip atsama5d27c-cnvao_firmware -
microchip atsama5d27c-ld1g-cu_firmware -
microchip atsama5d44b-cur_firmware -
microchip atsama5d41a-cur_firmware -
microchip atsama5d28c-ld1g-cu_firmware -
CVE-2020-12788 MEDIUM

CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
microchip atsama5d41a-cu_firmware -
microchip atsama5d24c-cur_firmware -
microchip atsama5d28c-d1g-cur_firmware -
microchip atsama5d42b-cu_firmware -
microchip atsama5d27c-ld1g-cur_firmware -
microchip atsama5d21c-cu_firmware -
microchip atsama5d34a-cu_firmware -
microchip atsama5d35a-cu_firmware -
microchip atsama5d22c-cur_firmware -
microchip atsama5d28c-ld2g-cu_firmware -
microchip atsama5d33a-cu_firmware -
microchip atsama5d24c-cuf_firmware -
microchip atsama5d44a-cu_firmware -
microchip atsama5d28c-cn_firmware -
microchip atsama5d36a-cn_firmware -
microchip atsama5d41b-cu_firmware -
microchip atsama5d43a-cur_firmware -
microchip atsama5d28c-cnr_firmware -
microchip atsama5d22c-cn_firmware -
microchip atsama5d27c-ld2g-cu_firmware -
microchip atsama5d23c-cu_firmware -
microchip atsama5d28c-d1g-cu_firmware -
microchip atsama5d34a-cur_firmware -
microchip atsama5d27c-d1g-cur_firmware -
microchip atsama5d27c-cnrvao_firmware -
microchip atsama5d28c-ld2g-cur_firmware -
microchip atsama5d27c-cur_firmware -
microchip atsama5d35a-cur_firmware -
microchip atsama5d42a-cur_firmware -
microchip atsama5d31a-cfu_firmware -
microchip atsama5d22c-cu_firmware -
microchip atsama5d43a-cu_firmware -
microchip atsama5d26c-cn_firmware -
microchip atsama5d27c-cnr_firmware -
microchip atsama5d35a-cn_firmware -
microchip atsama5d26c-cu_firmware -
microchip atsama5d33a-cur_firmware -
microchip atsama5d43b-cu_firmware -
microchip atsama5d27-som1_firmware -
microchip atsama5d42b-cur_firmware -
microchip atsama5d23c-cn_firmware -
microchip atsama5d36a-cnr_firmware -
microchip atsama5d28c-cur_firmware -
microchip atsama5d26c-cnr_firmware -
microchip atsama5d31a-cur_firmware -
microchip atsama5d27c-cu_firmware -
microchip atsama5d27c-d1g-cu_firmware -
microchip atsama5d28c-ld1g-cur_firmware -
microchip atsama5d27-wlsom1_firmware -
microchip atsama5d43b-cur_firmware -
microchip atsama5d27c-cn_firmware -
microchip atsama5d36a-cur_firmware -
microchip atsama5d41b-cur_firmware -
microchip atsama5d225c-d1m-cur_firmware -
microchip atsama5d26c-cur_firmware -
microchip atsama5d23c-cur_firmware -
microchip atsama5d21c-cur_firmware -
microchip atsama5d24c-cu_firmware -
microchip atsama5d44a-cur_firmware -
microchip atsama5d27c-d5m-cur_firmware -
microchip atsama5d44b-cu_firmware -
microchip atsama5d27c-ld2g-cur_firmware -
microchip atsama5d28c-cu_firmware -
microchip atsama5d31a-cu_firmware -
microchip atsama5d31a-cfur_firmware -
microchip atsama5d27c-d5m-cu_firmware -
microchip atsama5d22c-cnr_firmware -
microchip atsama5d42a-cu_firmware -
microchip atsama5d36a-cu_firmware -
microchip atsama5d35a-cnr_firmware -
microchip atsama5d23c-cnr_firmware -
microchip atsama5d27c-cnvao_firmware -
microchip atsama5d27c-ld1g-cu_firmware -
microchip atsama5d44b-cur_firmware -
microchip atsama5d41a-cur_firmware -
microchip atsama5d28c-ld1g-cu_firmware -
CVE-2020-12789 MEDIUM

The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
microchip atsama5d41a-cu_firmware -
microchip atsama5d24c-cur_firmware -
microchip atsama5d28c-d1g-cur_firmware -
microchip atsama5d42b-cu_firmware -
microchip atsama5d27c-ld1g-cur_firmware -
microchip atsama5d21c-cu_firmware -
microchip atsama5d34a-cu_firmware -
microchip atsama5d35a-cu_firmware -
microchip atsama5d22c-cur_firmware -
microchip atsama5d28c-ld2g-cu_firmware -
microchip atsama5d33a-cu_firmware -
microchip atsama5d24c-cuf_firmware -
microchip atsama5d44a-cu_firmware -
microchip atsama5d28c-cn_firmware -
microchip atsama5d36a-cn_firmware -
microchip atsama5d41b-cu_firmware -
microchip atsama5d43a-cur_firmware -
microchip atsama5d28c-cnr_firmware -
microchip atsama5d22c-cn_firmware -
microchip atsama5d27c-ld2g-cu_firmware -
microchip atsama5d23c-cu_firmware -
microchip atsama5d28c-d1g-cu_firmware -
microchip atsama5d34a-cur_firmware -
microchip atsama5d27c-d1g-cur_firmware -
microchip atsama5d27c-cnrvao_firmware -
microchip atsama5d28c-ld2g-cur_firmware -
microchip atsama5d27c-cur_firmware -
microchip atsama5d35a-cur_firmware -
microchip atsama5d42a-cur_firmware -
microchip atsama5d31a-cfu_firmware -
microchip atsama5d22c-cu_firmware -
microchip atsama5d43a-cu_firmware -
microchip atsama5d26c-cn_firmware -
microchip atsama5d27c-cnr_firmware -
microchip atsama5d35a-cn_firmware -
microchip atsama5d26c-cu_firmware -
microchip atsama5d33a-cur_firmware -
microchip atsama5d43b-cu_firmware -
microchip atsama5d27-som1_firmware -
microchip atsama5d42b-cur_firmware -
microchip atsama5d23c-cn_firmware -
microchip atsama5d36a-cnr_firmware -
microchip atsama5d28c-cur_firmware -
microchip atsama5d26c-cnr_firmware -
microchip atsama5d31a-cur_firmware -
microchip atsama5d27c-cu_firmware -
microchip atsama5d27c-d1g-cu_firmware -
microchip atsama5d28c-ld1g-cur_firmware -
microchip atsama5d27-wlsom1_firmware -
microchip atsama5d43b-cur_firmware -
microchip atsama5d27c-cn_firmware -
microchip atsama5d36a-cur_firmware -
microchip atsama5d41b-cur_firmware -
microchip atsama5d225c-d1m-cur_firmware -
microchip atsama5d26c-cur_firmware -
microchip atsama5d23c-cur_firmware -
microchip atsama5d21c-cur_firmware -
microchip atsama5d24c-cu_firmware -
microchip atsama5d44a-cur_firmware -
microchip atsama5d27c-d5m-cur_firmware -
microchip atsama5d44b-cu_firmware -
microchip atsama5d27c-ld2g-cur_firmware -
microchip atsama5d28c-cu_firmware -
microchip atsama5d31a-cu_firmware -
microchip atsama5d31a-cfur_firmware -
microchip atsama5d27c-d5m-cu_firmware -
microchip atsama5d22c-cnr_firmware -
microchip atsama5d42a-cu_firmware -
microchip atsama5d36a-cu_firmware -
microchip atsama5d35a-cnr_firmware -
microchip atsama5d23c-cnr_firmware -
microchip atsama5d27c-cnvao_firmware -
microchip atsama5d27c-ld1g-cu_firmware -
microchip atsama5d44b-cur_firmware -
microchip atsama5d41a-cur_firmware -
microchip atsama5d28c-ld1g-cu_firmware -
CVE-2020-17441 MEDIUM

An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 headers does not validate whether the IPv6 payload length field is equal to the actual size of the payload, which leads to an Out-of-Bounds read during the ICMPv6 checksum calculation, resulting in either Denial-of-Service or Information Disclosure. This affects pico_ipv6_extension_headers and pico_checksum_adder (in pico_ipv6.c and pico_frame.c).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
microchip mplab_harmony *
altran picotcp *
CVE-2020-20950 MEDIUM

Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
ietf public_key_cryptography_standards_#1 1.5
microchip microchip_libraries_for_applications *
CVE-2020-27636

In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

Products Affected

Vendor Product Version
microchip mplab_network_creator 3.6.1
CVE-2020-9028 MEDIUM

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
microchip syncserver_s200_firmware 1.30
microchip syncserver_s250_firmware 1.25
microchip syncserver_s350_firmware 2.80.1
microchip syncserver_s100_firmware 2.90.70.3
microchip syncserver_s300_firmware 2.65.0
CVE-2020-9029 MEDIUM

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
microchip syncserver_s200_firmware 1.30
microchip syncserver_s250_firmware 1.25
microchip syncserver_s350_firmware 2.80.1
microchip syncserver_s100_firmware 2.90.70.3
microchip syncserver_s300_firmware 2.65.0
CVE-2020-9030 MEDIUM

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
microchip syncserver_s200_firmware 1.30
microchip syncserver_s250_firmware 1.25
microchip syncserver_s350_firmware 2.80.1
microchip syncserver_s100_firmware 2.90.70.3
microchip syncserver_s300_firmware 2.65.0
CVE-2020-9031 MEDIUM

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
microchip syncserver_s200_firmware 1.30
microchip syncserver_s250_firmware 1.25
microchip syncserver_s350_firmware 2.80.1
microchip syncserver_s100_firmware 2.90.70.3
microchip syncserver_s300_firmware 2.65.0
CVE-2020-9032 MEDIUM

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
microchip syncserver_s200_firmware 1.30
microchip syncserver_s250_firmware 1.25
microchip syncserver_s350_firmware 2.80.1
microchip syncserver_s100_firmware 2.90.70.3
microchip syncserver_s300_firmware 2.65.0
CVE-2020-9033 MEDIUM

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
microchip syncserver_s200_firmware 1.30
microchip syncserver_s250_firmware 1.25
microchip syncserver_s350_firmware 2.80.1
microchip syncserver_s100_firmware 2.90.70.3
microchip syncserver_s300_firmware 2.65.0
CVE-2020-9034 MEDIUM

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
microchip syncserver_s200_firmware 1.30
microchip syncserver_s250_firmware 1.25
microchip syncserver_s350_firmware 2.80.1
microchip syncserver_s100_firmware 2.90.70.3
microchip syncserver_s300_firmware 2.65.0
CVE-2021-37604 MEDIUM

In version 6.5 of Microchip MiWi software and all previous versions including legacy products, there is a possibility of frame counters being validated/updated prior to the message authentication. With this vulnerability in place, an attacker may increment the incoming frame counter values by injecting messages with a sufficiently large frame counter value and invalid payload. This results in denial of service/valid packets in the network. There is also a possibility of a replay attack in the stack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-670,

Products Affected

Vendor Product Version
microchip miwi 6.5
CVE-2021-37605 MEDIUM

In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-670,

Products Affected

Vendor Product Version
microchip miwi 6.5
CVE-2022-40022

Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
microchip syncserver_s650_firmware -
CVE-2022-40480

Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was discovered to contain an issue which allows attackers to cause a Denial of Service (DoS) via a crafted ConReq packet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
nordicsemi nrf5340-dk_firmware -
microchip dt100112_firmware -
CVE-2022-45190

An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can bypass passkey entry in the legacy pairing of the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 1.6 3.6

Products Affected

Vendor Product Version
microchip rn4870_firmware 1.43
CVE-2022-45191

An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
microchip rn4870_firmware 1.43
CVE-2022-45192

An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
microchip rn4870_firmware 1.43
CVE-2022-46399

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with ConReqTimeoutZero.

Products Affected

Vendor Product Version
microchip bm77_firmware 1.43
microchip bm70_firmware 1.43
microchip is1870_firmware 1.43
microchip bm64_firmware 1.43
microchip bm78_firmware 1.43
microchip pic32cx1012bz25048_firmware 1.43
microchip is1871_firmware 1.43
microchip wbz451_firmware 1.43
microchip bm83_firmware 1.43
microchip rn4870_firmware 1.43
microchip bm71_firmware 1.43
microchip rn4871_firmware 1.43
microchip rn4678_firmware 1.43
microchip pic_lightblue_explorer_demo_firmware 4.2_dt100112
CVE-2022-46400

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) allows attackers to bypass passkey entry in legacy pairing.

Products Affected

Vendor Product Version
microchip bm83_firmware 1.43
microchip bm70_firmware 1.43
microchip rn4870_firmware 1.43
microchip bm71_firmware 1.43
microchip rn4871_firmware 1.43
microchip is1870_firmware 1.43
microchip bm78_firmware 1.43
microchip pic_lightblue_explorer_demo_firmware 4.2_dt100112
microchip is1871_firmware 1.43
CVE-2022-46401

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PauseEncReqPlainText before pairing is complete.

Products Affected

Vendor Product Version
microchip bm77_firmware 1.43
microchip bm70_firmware 1.43
microchip bm64_firmware 1.43
microchip bm78_firmware 1.43
microchip bm83_firmware 1.43
microchip rn4870_firmware 1.43
microchip bm71_firmware 1.43
microchip pic32cx1012bz25048_firmware -
microchip rn4871_firmware 1.43
microchip rn4678_firmware 1.43
microchip wbz451_firmware -
microchip pic_lightblue_explorer_demo_firmware 4.2_dt100112
CVE-2022-46402

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PairCon_rmSend with incorrect values.

Products Affected

Vendor Product Version
microchip bm83_firmware 1.43
microchip bm70_firmware 1.43
microchip rn4870_firmware 1.43
microchip bm71_firmware 1.43
microchip rn4871_firmware 1.43
microchip is1870_firmware 1.43
microchip bm78_firmware 1.43
microchip pic_lightblue_explorer_demo_firmware 4.2_dt100112
microchip is1871_firmware 1.43
CVE-2022-46403

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) mishandles reject messages.

Products Affected

Vendor Product Version
microchip bm83_firmware 1.43
microchip bm70_firmware 1.43
microchip rn4870_firmware 1.43
microchip bm71_firmware 1.43
microchip rn4871_firmware 1.43
microchip is1870_firmware 1.43
microchip bm78_firmware 1.43
microchip pic_lightblue_explorer_demo_firmware 4.2_dt100112
microchip is1871_firmware 1.43
CVE-2023-23588

A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application. A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.5 3.6

Products Affected

Vendor Product Version
siemens simatic_ipc647d_firmware *
siemens simatic_ipc847d_firmware *
siemens simatic_ipc1047_firmware *
microchip maxview_storage_manager *
CVE-2023-51438

A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows). In default installations of maxView Storage Manager where Redfish® server is configured for remote system management, a vulnerability has been identified that can provide unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
productcert@siemens.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

Products Affected

Vendor Product Version
microchip maxview_storage_manager *
CVE-2024-22216

In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 (except for the patched versions 3.07.23980 and 4.07.00.25339).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

Products Affected

Vendor Product Version
microchip maxview_storage_manager *
CVE-2024-43683

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0.

Products Affected

Vendor Product Version
microchip timeprovider_4100_firmware *
CVE-2024-43684

Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0.

Products Affected

Vendor Product Version
microchip timeprovider_4100_firmware *
CVE-2024-43685

Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.

Products Affected

Vendor Product Version
microchip timeprovider_4100_firmware *
CVE-2024-7490

Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option. This issue affects Advanced Software Framework: through 3.52.0.2574. ASF is no longer being supported. Apply provided workaround or migrate to an actively maintained framework.

Products Affected

Vendor Product Version
microchip advanced_software_framework *
CVE-2024-9054

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.

Products Affected

Vendor Product Version
microchip timeprovider_4100_firmware *
CVE-2025-47900

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5.

Products Affected

Vendor Product Version
microchip timeprovider_4100_firmware *
CVE-2025-47901

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5.

Products Affected

Vendor Product Version
microchip timeprovider_4100_firmware *
CVE-2025-47902

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5.

Products Affected

Vendor Product Version
microchip timeprovider_4100_firmware *
CVE-2025-47904

Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.

Products Affected

Vendor Product Version
microchip timeprovider_4100_firmware *