Vulnerability-Lookup

BDU:2026-00357

Vulnerability from fstec - Published: 16.05.2024

Title

Уязвимость микроконтроллеров Microchip SAM, связанная с неправильной защитой от сбоев напряжения и тактовой частоты, позволяющая нарушителю получить доступ к защищаемой информации

Description

Уязвимость микроконтроллеров Microchip SAM связана с неправильной защитой от сбоев напряжения и тактовой частоты. Эксплуатация уязвимости может позволить нарушителю получить доступ к защищаемой информации

Severity ?


                    
                      AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor

Microchip Technology

Software Name

SAM E70, SAM S70, SAM V70, SAM V71, SAM G55, SAM 4C, SAM 4E, SAM 4N, SAM 4S, SAM 3N, SAM 3S, SAM 3U

Software Version

- (SAM E70), - (SAM S70), - (SAM V70), - (SAM V71), - (SAM G55), - (SAM 4C), - (SAM 4E), - (SAM 4N), - (SAM 4S), - (SAM 3N), - (SAM 3S), - (SAM 3U)

Possible Mitigations

Компенсирующие меры: - ограничить физический доступ к критически важным устройствам, использующим микроконтроллеры серии SAM; - использовать индивидуальные критически важные данные для каждого устройства, например, криптографические ключи.

Reference

https://ww1.microchip.com/downloads/aemDocuments/documents/MCU32/ProductDocuments/SupportingCollateral/Security-Advisory-CVE-2024-4760.pdf https://www.0x01team.com/hw_security/bypassing-microchip-atmel-sam-e70-s70-v70-v71-security/

CWE

CWE-1247

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microchip Technology",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (SAM E70), - (SAM S70), - (SAM V70), - (SAM V71), - (SAM G55), - (SAM 4C), - (SAM 4E), - (SAM 4N), - (SAM 4S), - (SAM 3N), - (SAM 3S), - (SAM 3U)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0442\u044c \u0444\u0438\u0437\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u044b\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u043c \u043c\u0438\u043a\u0440\u043e\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u044b \u0441\u0435\u0440\u0438\u0438 SAM;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0438\u043d\u0434\u0438\u0432\u0438\u0434\u0443\u0430\u043b\u044c\u043d\u044b\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0430\u0436\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0434\u043b\u044f \u043a\u0430\u0436\u0434\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043a\u043b\u044e\u0447\u0438.",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "16.05.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "14.01.2026",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "14.01.2026",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2026-00357",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-4760",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "SAM E70, SAM S70, SAM V70, SAM V71, SAM G55, SAM 4C, SAM 4E, SAM 4N, SAM 4S, SAM 3N, SAM 3S, SAM 3U",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u0432 Microchip SAM, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u043e\u0439 \u043e\u0442 \u0441\u0431\u043e\u0435\u0432 \u043d\u0430\u043f\u0440\u044f\u0436\u0435\u043d\u0438\u044f \u0438 \u0442\u0430\u043a\u0442\u043e\u0432\u043e\u0439 \u0447\u0430\u0441\u0442\u043e\u0442\u044b, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0441\u0445\u0435\u043c\u044b \u0438\u043b\u0438 \u0434\u0430\u0442\u0447\u0438\u043a\u0438 \u0434\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0441\u0431\u043e\u0435\u0432 \u043d\u0430\u043f\u0440\u044f\u0436\u0435\u043d\u0438\u044f \u0438 \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u0438 (CWE-1247)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u0432 Microchip SAM \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u043e\u0439 \u043e\u0442 \u0441\u0431\u043e\u0435\u0432 \u043d\u0430\u043f\u0440\u044f\u0436\u0435\u043d\u0438\u044f \u0438 \u0442\u0430\u043a\u0442\u043e\u0432\u043e\u0439 \u0447\u0430\u0441\u0442\u043e\u0442\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0412\u0435\u0440\u043e\u044f\u0442\u043d\u043e\u0441\u0442\u043d\u044b\u0435 \u043c\u0435\u0442\u043e\u0434\u044b",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://ww1.microchip.com/downloads/aemDocuments/documents/MCU32/ProductDocuments/SupportingCollateral/Security-Advisory-CVE-2024-4760.pdf\nhttps://www.0x01team.com/hw_security/bypassing-microchip-atmel-sam-e70-s70-v70-v71-security/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0410\u0421\u0423 \u0422\u041f",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-1247",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,2)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,3)"
}

CVE-2024-4760 (GCVE-0-2024-4760)

Vulnerability from cvelistv5 – Published: 2024-05-16 13:07 – Updated: 2025-06-06 15:08

Title

Voltage glitch during startup of the EEFC NVM controller can bypass the security bit

Summary

A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM 4C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers allows access to the memory bus via the debug interface even if the security bit is set.

Severity ?

6.3 (Medium)


                        
                          CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-1247 - Improper Protection Against Voltage and Clock Glitches

Assigner

Microchip

References

URL

Tags

	https://www.0x01team.com/hw_security/bypassing-mi…	technical-descriptionexploit
	https://ww1.microchip.com/downloads/aemDocuments/…	vendor-advisory

Impacted products

Vendor

Product

Version

Microchip

SAME70

Affected: 0

Microchip	SAMS70	Affected: 0
Microchip	SAMV70	Affected: 0
Microchip	SAMV71	Affected: 0
Microchip	SAMG55	Affected: 0
Microchip	SAM4C	Affected: 0
Microchip	SAM4S	Affected: 0
Microchip	SAM4N	Affected: 0
Microchip	SAM4E	Affected: 0
Microchip	SAM3S	Affected: 0
Microchip	SAM3N	Affected: 0
Microchip	SAM3U	Affected: 0

Date Public ?

2024-05-16 13:00

Credits

Waleed Alzamil Bandar Alharbi Meshari Alhammadi

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:amtel:same70:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "same70",
            "vendor": "amtel",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amtel:sams70:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sams70",
            "vendor": "amtel",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amtel:samv70:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "samv70",
            "vendor": "amtel",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amtel:samv71:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "samv71",
            "vendor": "amtel",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4760",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-24T19:22:40.820250Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:53:31.485Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:47:41.757Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "technical-description",
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.0x01team.com/hw_security/bypassing-microchip-atmel-sam-e70-s70-v70-v71-security/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "SAME70",
          "vendor": "Microchip",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "SAMS70",
          "vendor": "Microchip",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "SAMV70",
          "vendor": "Microchip",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "SAMV71",
          "vendor": "Microchip",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SAMG55",
          "vendor": "Microchip",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SAM4C",
          "vendor": "Microchip",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SAM4S",
          "vendor": "Microchip",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SAM4N",
          "vendor": "Microchip",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SAM4E",
          "vendor": "Microchip",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SAM3S",
          "vendor": "Microchip",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SAM3N",
          "vendor": "Microchip",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SAM3U",
          "vendor": "Microchip",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Physical control of the VDDCore pins\u003cbr\u003e"
            }
          ],
          "value": "Physical control of the VDDCore pins"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Waleed Alzamil"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Bandar Alharbi"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Meshari Alhammadi"
        }
      ],
      "datePublic": "2024-05-16T13:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM\u0026nbsp;4C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers\u0026nbsp;allows access to the memory bus via the debug interface even if the security bit is set."
            }
          ],
          "value": "A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM\u00a04C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers\u00a0allows access to the memory bus via the debug interface even if the security bit is set."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-624",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-624: Hardware Fault Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1247",
              "description": "CWE-1247: Improper Protection Against Voltage and Clock Glitches",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-06T15:08:03.023Z",
        "orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
        "shortName": "Microchip"
      },
      "references": [
        {
          "tags": [
            "technical-description",
            "exploit"
          ],
          "url": "https://www.0x01team.com/hw_security/bypassing-microchip-atmel-sam-e70-s70-v70-v71-security/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://ww1.microchip.com/downloads/aemDocuments/documents/MCU32/ProductDocuments/SupportingCollateral/Security-Advisory-CVE-2024-4760.pdf"
        }
      ],
      "source": {
        "advisory": "PSIRT-73",
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-02-15T17:19:00.000Z",
          "value": "Initial report"
        },
        {
          "lang": "en",
          "time": "2025-06-06T07:00:00.000Z",
          "value": "Vendor Advisory issued"
        }
      ],
      "title": "Voltage glitch during startup of the EEFC NVM controller can bypass the security bit",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Please contact Microchip to obtain the appropriate patch for your devices, which are available as binary code\u003cbr\u003eupdates."
            }
          ],
          "value": "Please contact Microchip to obtain the appropriate patch for your devices, which are available as binary code\nupdates."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
    "assignerShortName": "Microchip",
    "cveId": "CVE-2024-4760",
    "datePublished": "2024-05-16T13:07:57.462Z",
    "dateReserved": "2024-05-10T15:18:00.908Z",
    "dateUpdated": "2025-06-06T15:08:03.023Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2026-00357

CVE-2024-4760 (GCVE-0-2024-4760)

Tags

Sightings

Nomenclature