Microchip: Security Vulnerabilities
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with ConReqTimeoutZero.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-12-19
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) allows attackers to bypass passkey entry in legacy pairing.
CVSS Score
5.4
EPSS Score
0.0
Published
2022-12-19
In version 6.5 of Microchip MiWi software and all previous versions including legacy products, there is a possibility of frame counters being validated/updated prior to the message authentication. With this vulnerability in place, an attacker may increment the incoming frame counter values by injecting messages with a sufficiently large frame counter value and invalid payload. This results in denial of service/valid packets in the network. There is also a possibility of a replay attack in the stack.
CVSS Score
7.5
EPSS Score
0.005
Published
2021-08-05
In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes.
CVSS Score
7.5
EPSS Score
0.005
Published
2021-08-05
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.
CVSS Score
5.9
EPSS Score
0.002
Published
2021-01-19
An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 headers does not validate whether the IPv6 payload length field is equal to the actual size of the payload, which leads to an Out-of-Bounds read during the ICMPv6 checksum calculation, resulting in either Denial-of-Service or Information Disclosure. This affects pico_ipv6_extension_headers and pico_checksum_adder (in pico_ipv6.c and pico_frame.c).
CVSS Score
9.1
EPSS Score
0.007
Published
2020-12-11
Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 1 of 2).
CVSS Score
6.8
EPSS Score
0.001
Published
2020-10-22
Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 2 of 2).
CVSS Score
6.8
EPSS Score
0.001
Published
2020-10-22
Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow.
CVSS Score
9.1
EPSS Score
0.004
Published
2020-10-22
Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-09-14