CVE-2022-46401 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.4 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CISA-ADP	ADP	5.4 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 30%

Affected Products (NVD)

Vendor	Product	Version
microchip	bm78_firmware	1.43
microchip	bm83_firmware	1.43
microchip	rn4870_firmware	1.43
microchip	rn4871_firmware	1.43
microchip	bm70_firmware	1.43
microchip	bm71_firmware	1.43
microchip	pic_lightblue_explorer_demo_firmware	4.2_dt100112:_dt100112
microchip	pic32cx1012bz25048_firmware	-
microchip	wbz451_firmware	-
microchip	rn4678_firmware	1.43
microchip	bm77_firmware	1.43
microchip	bm64_firmware	1.43

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://microchip.com

https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM

https://www.computer.org/csdl/proceedings/sp/2023/1He7WWuJExG

https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/deviating-behaviors-in-bluetooth-le

https://microchip.com

https://www.computer.org/csdl/proceedings-article/sp/2023/933600a521/1He7Yja1AYM

https://www.computer.org/csdl/proceedings/sp/2023/1He7WWuJExG

https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/deviating-behaviors-in-bluetooth-le