VYPR

Vendor CVEs

Microchip

All CVEs

49 total · sorted by risk
  • CVE-2022-40022CriFeb 13, 2023
    risk 0.74cvss 9.8epss 0.92

    Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.

  • CVE-2024-22216CriJan 8, 2024
    risk 0.65cvss 10.0epss 0.01

    In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484…

  • CVE-2025-9497CriMar 28, 2026
    risk 0.64cvss 9.8epss 0.00

    Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.0.

  • CVE-2020-27636CriOct 10, 2023
    risk 0.59cvss 9.1epss 0.01

    In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random.

  • CVE-2019-16127CriOct 22, 2020
    risk 0.59cvss 9.1epss 0.02

    Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow.

  • CVE-2022-46403HigDec 19, 2022
    risk 0.56cvss 8.6epss 0.01

    The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) mishandles reject messages.

  • CVE-2022-46399HigDec 19, 2022
    risk 0.49cvss 7.5epss 0.01

    The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with ConReqTimeoutZero.

  • CVE-2021-37605HigAug 5, 2021
    risk 0.49cvss 7.5epss 0.01

    In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes.

  • CVE-2021-37604HigAug 5, 2021
    risk 0.49cvss 7.5epss 0.01

    In version 6.5 of Microchip MiWi software and all previous versions including legacy products, there is a possibility of frame counters being validated/updated prior to the message authentication. With this vulnerability in place, an attacker may increment the incoming frame…

  • CVE-2020-12789HigSep 14, 2020
    risk 0.49cvss 7.5epss 0.01

    The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets.

  • CVE-2020-12788HigSep 14, 2020
    risk 0.49cvss 7.5epss 0.01

    CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks.

  • CVE-2020-12787HigSep 14, 2020
    risk 0.49cvss 7.5epss 0.01

    Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling.

  • CVE-2022-45192MedFeb 8, 2023
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause request.

  • CVE-2022-45191MedFeb 8, 2023
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values.

  • CVE-2022-46402MedDec 19, 2022
    risk 0.42cvss 6.5epss 0.00

    The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PairCon_rmSend with incorrect values.

  • CVE-2019-19195MedFeb 10, 2020
    risk 0.42cvss 6.5epss 0.01

    The Bluetooth Low Energy implementation on Microchip Technology BluSDK Smart through 6.2 for ATSAMB11 devices does not properly restrict link-layer data length on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.

  • CVE-2024-4760MedMay 16, 2024
    risk 0.41cvss 6.3epss 0.00

    A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM 4C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers allows access to the memory bus via the debug interface even if the security bit is set.

  • CVE-2023-23588MedApr 11, 2023
    risk 0.40cvss 6.2epss 0.00

    A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows),…

  • CVE-2020-20950MedJan 19, 2021
    risk 0.38cvss 5.9epss 0.01

    Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server…

  • CVE-2019-16128MedOct 22, 2020
    risk 0.37cvss 6.8epss 0.01

    Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 1 of 2).

  • CVE-2019-16129MedOct 22, 2020
    risk 0.37cvss 6.8epss 0.01

    Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 2 of 2).

  • CVE-2022-46401MedDec 19, 2022
    risk 0.35cvss 5.4epss 0.01

    The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PauseEncReqPlainText before pairing is complete.

  • CVE-2022-46400MedDec 19, 2022
    risk 0.35cvss 5.4epss 0.01

    The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) allows attackers to bypass passkey entry in legacy pairing.

  • CVE-2022-45190MedFeb 8, 2023
    risk 0.34cvss 5.3epss 0.00

    An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can bypass passkey entry in the legacy pairing of the device.

  • CVE-2024-29155MedOct 16, 2024
    risk 0.28cvss 4.3epss 0.00

    On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real one, causing the pair…

  • CVE-2024-9054Oct 4, 2024
    risk 0.05cvss epss 0.15

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection.This issue affects TimeProvider…

  • CVE-2009-1608May 11, 2009
    risk 0.04cvss epss 0.11

    Multiple buffer overflows in Microchip MPLAB IDE 8.30 and possibly earlier versions allow user-assisted remote attackers to execute arbitrary code via a .MCP project file with long (1) FILE_INFO, (2) CAT_FILTERS, and possibly other fields.

  • CVE-2024-43687Oct 4, 2024
    risk 0.03cvss epss 0.01

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0 before 2.4.7.

  • CVE-2024-7801Oct 4, 2024
    risk 0.03cvss epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.

  • CVE-2009-1674May 18, 2009
    risk 0.03cvss epss 0.05

    Stack-based buffer overflow in Microchip MPLAB IDE 8.30 allows user-assisted remote attackers to execute arbitrary code via a long .cof pathname in a [TOOL_SETTINGS] section in a .mcp file, possibly a related issue to CVE-2009-1608.

  • CVE-2024-43686Oct 4, 2024
    risk 0.01cvss epss 0.11

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (data plot modules) allows Reflected XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.

  • CVE-2024-7490Aug 8, 2024
    risk 0.01cvss epss 0.01

    Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines…

  • CVE-2026-12620Jun 19, 2026
    risk 0.00cvss epss 0.00

    The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0.

  • CVE-2026-12621Jun 19, 2026
    risk 0.00cvss epss 0.00

    Improper neutralization of input during web page generation XSS vulnerability in the GridTime 3000 (password reset form) allows XSS. This issue affects GridTime 3000: from 1.0r0.03 before 1.2r0.0.

  • CVE-2026-12622Jun 19, 2026
    risk 0.00cvss epss 0.00

    The GridTime 3000 GNSS Time Server has an open redirect vulnerability in the password change form submission. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0.

  • CVE-2026-12619Jun 19, 2026
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip GridTime 3000 allows Cross-Site Scripting (XSS). This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0.

  • CVE-2026-3010Feb 28, 2026
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimePictra allows Query System for Information.This issue affects TimePictra: from 11.0 through 11.3 SP2.

  • CVE-2026-2844Feb 28, 2026
    risk 0.00cvss epss 0.00

    Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows Configuration/Environment Manipulation.This issue affects TimePictra: from 11.0 through 11.3 SP2.

  • CVE-2025-47904Feb 24, 2026
    risk 0.00cvss epss 0.00

    Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.

  • CVE-2025-47902Oct 20, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5.

  • CVE-2025-47901Oct 20, 2025
    risk 0.00cvss epss 0.02

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5.

  • CVE-2025-47900Oct 20, 2025
    risk 0.00cvss epss 0.02

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5.

  • CVE-2025-37815May 8, 2025
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration Resolve kernel panic while accessing IRQ handler associated with the generated IRQ. This is done by acquiring the spinlock and…

  • CVE-2024-43683Oct 4, 2024
    risk 0.00cvss epss 0.00

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0.

  • CVE-2024-43684Oct 4, 2024
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0.

  • CVE-2024-43685Oct 4, 2024
    risk 0.00cvss epss 0.00

    Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.

  • CVE-2021-47231May 21, 2024
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: can: mcba_usb: fix memory leak in mcba_usb Syzbot reported memory leak in SocketCAN driver for Microchip CAN BUS Analyzer Tool. The problem was in unfreed usb_coherent. In mcba_usb_start() 20 coherent buffers…

  • CVE-2022-47518HigDec 18, 2022
    risk 0.00cvss 7.8epss 0.00

    An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from…

  • CVE-2020-11684CriSep 14, 2020
    risk 0.00cvss 9.1epss 0.01

    AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory before passing control to a less privileged software component. This can be exploited to disclose these keys and subsequently encrypt and sign the next boot stage (such as the…