CVE-2024-7801 MEDIUM

CVE-2024-7801: SQL injection in get_chart_data in TimeProvider 4100

Vendor Microchip
Product TimeProvider 4100
Weakness CWE-89 · SQLi
Published October 4, 2024
Last update October 4, 2024

CVSS base score

6.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/R:U/V:C/RE:M/U:Amber

What the vulnerability does

01Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.

Key dates

02Disclosure timeline

October 4, 2024 CVE published
October 4, 2024 Record updated