Security Bulletin: BLE Security Vulnerabilities
CVE-2019-17061 and CVE-2019-16336 (Status Update)
Cypress has reviewed and analyzed recent reports on BLE security vulnerabilities outlined in CVE-2019-17061 and CVE-2019-16336, collectively referred to as the SweynTooth Bluetooth Low Energy (BLE) vulnerabilities. These vulnerabilities have been addressed via firmware updates. Below is the status update:
Part
|
CVE
|
Updated FW
|
Release Date
|
PSoC 4 BLE
|
CVE-2019-17061
|
BLE Component 3.63 in PSoC Creator
|
October 2019
|
CVE-2019-16336
|
BLE Component 3.64 in PSoC Creator
|
March 2020
|
PSoC 6 BLE
|
CVE-2019-17061
|
BLE Middleware 3.30 used by ModusToolBox 2.x
|
November 2019
|
PDL 3.1.1 in PSoC Creator
|
January 2020
|
CVE-2019-16336
|
BLE Middleware 3.40 used by ModusToolBox 2.x
|
March 2020
|
PDL 3.1.2 in PSoC Creator
|
March 2020
|
Other Cypress Devices
To date, Cypress has not observed vulnerabilities associated with CVE-2019-17061 and CVE-2019-16336 in other devices. Customers using other devices or requiring further assistance can receive support by creating a case through our secure support portal or by contacting their Cypress representative.
If you believe you have identified a vulnerability in any Cypress product, please visit our security response page and email the Product Security Incident Response Team (PSIRT) at psirt@cypress.com.