Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

Blogs

SaraLeslie
Community Manager
Community Manager 250 sign-ins 100 sign-ins 50 likes received
Community Manager

Security Bulletin: BLE Security Vulnerabilities CVE-2019-17061 and CVE-2019-16336 (Status Update)

 

Security Bulletin: BLE Security Vulnerabilities

CVE-2019-17061 and CVE-2019-16336 (Status Update)

 

Cypress has reviewed and analyzed recent reports on BLE security vulnerabilities outlined in CVE-2019-17061 and CVE-2019-16336, collectively referred to as the SweynTooth Bluetooth Low Energy (BLE) vulnerabilities. These vulnerabilities have been addressed via firmware updates. Below is the status update:

 

Part

CVE

Updated FW

Release Date

PSoC 4 BLE

CVE-2019-17061

BLE Component 3.63
in PSoC Creator

October 2019

CVE-2019-16336

BLE Component 3.64 in PSoC Creator

March 2020

PSoC 6 BLE

CVE-2019-17061

BLE Middleware 3.30
used by ModusToolBox 2.x

November 2019

PDL 3.1.1 in PSoC Creator

January 2020

CVE-2019-16336

BLE Middleware 3.40
used by ModusToolBox 2.x

March 2020

PDL 3.1.2
in PSoC Creator

March 2020

 

Other Cypress Devices

To date, Cypress has not observed vulnerabilities associated with CVE-2019-17061 and CVE-2019-16336 in other devices. Customers using other devices or requiring further assistance can receive support by creating a case through our secure support portal or by contacting their Cypress representative.

 

If you believe you have identified a vulnerability in any Cypress product, please visit our security response page and email the Product Security Incident Response Team (PSIRT) at psirt@cypress.com.

0 Likes
3023 Views