CVE-2024-7801

Summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.

Affected Software

VendorProductVersion RangeStatus
MicrochipTimeProvider 41001.0 < 2.4.7affected

Weaknesses

  • CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Workarounds

It is important to note that the web interface is only available on a physically separate management port and these vulnerabilities have no impact on the timing service ports. For added security, users have the option to disable the web interface, further protecting the device from potential web-based exploitations.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References