Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (data plot modules) allows Reflected XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
Fixes

Solution

No solution given by the vendor.


Workaround

It is important to note that the web interface is only available on a physically separate management port and these vulnerabilities have no impact on the timing service ports. For added security, users have the option to disable the web interface, further protecting the device from potential web-based exploitations.

History

Wed, 16 Oct 2024 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Microchip
Microchip timeprovider 4100
Microchip timeprovider 4100 Firmware
CPEs cpe:2.3:h:microchip:timeprovider_4100:-:*:*:*:*:*:*:*
cpe:2.3:o:microchip:timeprovider_4100_firmware:*:*:*:*:*:*:*:*
Vendors & Products Microchip
Microchip timeprovider 4100
Microchip timeprovider 4100 Firmware
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}


Mon, 07 Oct 2024 21:00:00 +0000

Type Values Removed Values Added
Metrics cvssV4_0

{'score': 0, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/U:Green'}

cvssV4_0

{'score': 5.4, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/U:Green'}


Mon, 07 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 04 Oct 2024 20:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (data plot modules) allows Reflected XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
Title Reflected XSS in TimeProvider 4100 chart component
Weaknesses CWE-79
References
Metrics cvssV4_0

{'score': 0, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/U:Green'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Microchip

Published:

Updated: 2024-10-07T20:42:38.819Z

Reserved: 2024-08-14T15:39:44.265Z

Link: CVE-2024-43686

cve-icon Vulnrichment

Updated: 2024-10-04T21:23:06.960Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-04T20:15:06.960

Modified: 2024-10-16T19:20:57.230

Link: CVE-2024-43686

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.