Microchip
Products
24- 12 CVEs
- 7 CVEs
- 5 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
50| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-40022 | Cri | 0.74 | 9.8 | 0.92 | Feb 13, 2023 | Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability. | ||
| CVE-2023-51438 | Cri | 0.65 | 10.0 | 0.01 | Jan 9, 2024 | A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager <… | ||
| CVE-2024-22216 | Cri | 0.65 | 10.0 | 0.01 | Jan 8, 2024 | In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484… | ||
| CVE-2025-9497 | Cri | 0.64 | 9.8 | 0.00 | Mar 28, 2026 | Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.0. | ||
| CVE-2020-27636 | Cri | 0.59 | 9.1 | 0.01 | Oct 10, 2023 | In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random. | ||
| CVE-2019-16127 | Cri | 0.59 | 9.1 | 0.02 | Oct 22, 2020 | Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow. | ||
| CVE-2022-46403 | Hig | 0.56 | 8.6 | 0.01 | Dec 19, 2022 | The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) mishandles reject messages. | ||
| CVE-2022-46399 | Hig | 0.49 | 7.5 | 0.01 | Dec 19, 2022 | The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with ConReqTimeoutZero. | ||
| CVE-2021-37605 | Hig | 0.49 | 7.5 | 0.01 | Aug 5, 2021 | In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes. | ||
| CVE-2021-37604 | Hig | 0.49 | 7.5 | 0.01 | Aug 5, 2021 | In version 6.5 of Microchip MiWi software and all previous versions including legacy products, there is a possibility of frame counters being validated/updated prior to the message authentication. With this vulnerability in place, an attacker may increment the incoming frame… | ||
| CVE-2020-12789 | Hig | 0.49 | 7.5 | 0.01 | Sep 14, 2020 | The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets. | ||
| CVE-2020-12788 | Hig | 0.49 | 7.5 | 0.01 | Sep 14, 2020 | CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks. | ||
| CVE-2020-12787 | Hig | 0.49 | 7.5 | 0.01 | Sep 14, 2020 | Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling. | ||
| CVE-2022-45192 | Med | 0.42 | 6.5 | 0.00 | Feb 8, 2023 | An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause request. | ||
| CVE-2022-45191 | Med | 0.42 | 6.5 | 0.00 | Feb 8, 2023 | An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values. | ||
| CVE-2022-46402 | Med | 0.42 | 6.5 | 0.00 | Dec 19, 2022 | The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PairCon_rmSend with incorrect values. | ||
| CVE-2019-19195 | Med | 0.42 | 6.5 | 0.01 | Feb 10, 2020 | The Bluetooth Low Energy implementation on Microchip Technology BluSDK Smart through 6.2 for ATSAMB11 devices does not properly restrict link-layer data length on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet. | ||
| CVE-2024-4760 | Med | 0.41 | 6.3 | 0.00 | May 16, 2024 | A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM 4C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers allows access to the memory bus via the debug interface even if the security bit is set. | ||
| CVE-2023-23588 | Med | 0.40 | 6.2 | 0.00 | Apr 11, 2023 | A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows),… | ||
| CVE-2020-20950 | Med | 0.38 | 5.9 | 0.01 | Jan 19, 2021 | Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server… |
- risk 0.74cvss 9.8epss 0.92
Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.
- risk 0.65cvss 10.0epss 0.01
A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager <…
- risk 0.65cvss 10.0epss 0.01
In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484…
- risk 0.64cvss 9.8epss 0.00
Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.0.
- risk 0.59cvss 9.1epss 0.01
In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random.
- risk 0.59cvss 9.1epss 0.02
Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow.
- risk 0.56cvss 8.6epss 0.01
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) mishandles reject messages.
- risk 0.49cvss 7.5epss 0.01
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with ConReqTimeoutZero.
- risk 0.49cvss 7.5epss 0.01
In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes.
- risk 0.49cvss 7.5epss 0.01
In version 6.5 of Microchip MiWi software and all previous versions including legacy products, there is a possibility of frame counters being validated/updated prior to the message authentication. With this vulnerability in place, an attacker may increment the incoming frame…
- risk 0.49cvss 7.5epss 0.01
The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets.
- risk 0.49cvss 7.5epss 0.01
CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks.
- risk 0.49cvss 7.5epss 0.01
Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling.
- risk 0.42cvss 6.5epss 0.00
An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause request.
- risk 0.42cvss 6.5epss 0.00
An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values.
- risk 0.42cvss 6.5epss 0.00
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PairCon_rmSend with incorrect values.
- risk 0.42cvss 6.5epss 0.01
The Bluetooth Low Energy implementation on Microchip Technology BluSDK Smart through 6.2 for ATSAMB11 devices does not properly restrict link-layer data length on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.
- risk 0.41cvss 6.3epss 0.00
A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM 4C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers allows access to the memory bus via the debug interface even if the security bit is set.
- risk 0.40cvss 6.2epss 0.00
A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows),…
- risk 0.38cvss 5.9epss 0.01
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server…