Microchip — Vulnerabilities & Security Advisories (18)

Browse all 18 CVE security advisories affecting Microchip. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Microchip develops embedded systems and microcontrollers for industrial, automotive, and consumer applications. Historically, their products have been vulnerable to remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from improper input validation and insecure default configurations. Security researchers have identified authentication bypass issues and buffer overruns in various firmware versions. While no major public incidents have been widely reported, the 18 documented CVEs highlight ongoing security concerns in their embedded products, particularly in legacy devices where patching may be challenging. Their security posture reflects common embedded system vulnerabilities, emphasizing the need for robust firmware updates and secure coding practices in IoT and industrial control environments.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-2336 | Weak webstax_auth Cookie Authentication Allows Privilege Escalation — IStaX | CWE-331 | 8.8 (AI) | High (AI) | 2026-04-16 |
| CVE-2025-9497 | Hardcoded Upgrade Decryption Passwords — Time Provider 4100 | CWE-798 | 9.8 | - | 2026-03-28 |
| CVE-2026-3010 | TimePictra Stored Cross-Site Scripting — TimePictra | CWE-79 | 6.1 | - | 2026-02-28 |
| CVE-2026-2844 | TimePictra Authentication Bypass Vulnerability — TimePictra | CWE-306 | 9.1 | - | 2026-02-28 |
| CVE-2025-47904 | Unsigned upgrade package — Time Provider 4100 | CWE-494 | 9.1 (AI) | Critical (AI) | 2026-02-24 |
| CVE-2025-47902 | SQL Injection in web resource — Time Provider 4100 | CWE-89 | 9.8 (AI) | Critical (AI) | 2025-10-20 |
| CVE-2025-47901 | RCE on restore configuration password — Time Provider 4100 | CWE-78 | 9.8 (AI) | Critical (AI) | 2025-10-20 |
| CVE-2025-47900 | RCE on backup configuration password — Time Provider 4100 | CWE-78 | 9.8 (AI) | Critical (AI) | 2025-10-20 |
| CVE-2024-29155 | Denial of service on Microchip RN4870 devices — RN4870 | CWE-239 | 4.3 | Medium | 2024-10-16 |
| CVE-2024-43683 | Improper verification of the Host header in TimeProvider 4100 — TimeProvider 4100 | CWE-601 | 6.1 | - | 2024-10-04 |
| CVE-2024-43684 | Cross-Site Request Forgery vulnerability in TimeProvider 4100 — TimeProvider 4100 | CWE-352 | 7.1 | - | 2024-10-04 |
| CVE-2024-43685 | Session token fixation in TimeProvider 4100 — TimeProvider 4100 | CWE-613 | 8.8 | - | 2024-10-04 |
| CVE-2024-43686 | Reflected XSS in TimeProvider 4100 chart component — TimeProvider 4100 | CWE-79 | 6.1 | - | 2024-10-04 |
| CVE-2024-9054 | Remote code Execution in TimeProvider® 4100 — TimeProvider 4100 | CWE-78 | 8.8 | - | 2024-10-04 |
| CVE-2024-43687 | XSS vulnerability in bannerconfig endpoint in TimeProvider 4100 — TimeProvider 4100 | CWE-79 | 6.1 | - | 2024-10-04 |
| CVE-2024-7801 | SQL injection in get_chart_data in TimeProvider 4100 — TimeProvider 4100 | CWE-89 | 9.8 | - | 2024-10-04 |
| CVE-2024-30212 | Microchip Harmony 3 Core library allows read and write access to RAM via a SCSI READ or WRITE command — MPLAB® Harmony 3 Core Module | CWE-190 | 7.3 (AI) | High (AI) | 2024-05-28 |
| CVE-2024-4760 | Voltage glitch during startup of the EEFC NVM controller can bypass the security bit — SAME70 | CWE-1247 | 6.3 | Medium | 2024-05-16 |

This page lists every published CVE security advisory associated with Microchip. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.