VYPR
Vendor

Microchip

Products
24
CVEs
50
Across products
58
Status
Private

Products

24

Recent CVEs

50
View all 50 CVEs →
  • CVE-2022-40022CriFeb 13, 2023
    risk 0.74cvss 9.8epss 0.92

    Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.

  • CVE-2023-51438CriJan 9, 2024
    risk 0.65cvss 10.0epss 0.01

    A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager <…

  • CVE-2024-22216CriJan 8, 2024
    risk 0.65cvss 10.0epss 0.01

    In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484…

  • CVE-2025-9497CriMar 28, 2026
    risk 0.64cvss 9.8epss 0.00

    Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.0.

  • CVE-2020-27636CriOct 10, 2023
    risk 0.59cvss 9.1epss 0.01

    In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random.

  • CVE-2019-16127CriOct 22, 2020
    risk 0.59cvss 9.1epss 0.02

    Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow.

  • CVE-2022-46403HigDec 19, 2022
    risk 0.56cvss 8.6epss 0.01

    The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) mishandles reject messages.

  • CVE-2022-46399HigDec 19, 2022
    risk 0.49cvss 7.5epss 0.01

    The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with ConReqTimeoutZero.

  • CVE-2021-37605HigAug 5, 2021
    risk 0.49cvss 7.5epss 0.01

    In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes.

  • CVE-2021-37604HigAug 5, 2021
    risk 0.49cvss 7.5epss 0.01

    In version 6.5 of Microchip MiWi software and all previous versions including legacy products, there is a possibility of frame counters being validated/updated prior to the message authentication. With this vulnerability in place, an attacker may increment the incoming frame…

  • CVE-2020-12789HigSep 14, 2020
    risk 0.49cvss 7.5epss 0.01

    The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets.

  • CVE-2020-12788HigSep 14, 2020
    risk 0.49cvss 7.5epss 0.01

    CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks.

  • CVE-2020-12787HigSep 14, 2020
    risk 0.49cvss 7.5epss 0.01

    Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling.

  • CVE-2022-45192MedFeb 8, 2023
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause request.

  • CVE-2022-45191MedFeb 8, 2023
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values.

  • CVE-2022-46402MedDec 19, 2022
    risk 0.42cvss 6.5epss 0.00

    The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PairCon_rmSend with incorrect values.

  • CVE-2019-19195MedFeb 10, 2020
    risk 0.42cvss 6.5epss 0.01

    The Bluetooth Low Energy implementation on Microchip Technology BluSDK Smart through 6.2 for ATSAMB11 devices does not properly restrict link-layer data length on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.

  • CVE-2024-4760MedMay 16, 2024
    risk 0.41cvss 6.3epss 0.00

    A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM 4C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers allows access to the memory bus via the debug interface even if the security bit is set.

  • CVE-2023-23588MedApr 11, 2023
    risk 0.40cvss 6.2epss 0.00

    A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows),…

  • CVE-2020-20950MedJan 19, 2021
    risk 0.38cvss 5.9epss 0.01

    Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server…