Security Bulletin: BLE Security Vulnerabilities
CVE-2019-17061 and CVE-2019-16336 (Status Update)
Cypress has reviewed and analyzed recent reports on BLE security vulnerabilities outlined in CVE-2019-17061 and CVE-2019-16336, collectively referred to as the SweynTooth Bluetooth Low Energy (BLE) vulnerabilities. These vulnerabilities have been addressed via firmware updates. Below is the status update:
Part | CVE | Updated FW | Release Date |
PSoC 4 BLE | CVE-2019-17061 | BLE Component 3.63 | October 2019 |
CVE-2019-16336 | BLE Component 3.64 in PSoC Creator | March 2020 | |
PSoC 6 BLE | CVE-2019-17061 | BLE Middleware 3.30 | November 2019 |
PDL 3.1.1 in PSoC Creator | January 2020 | ||
CVE-2019-16336 | BLE Middleware 3.40 | March 2020 | |
PDL 3.1.2 | March 2020 |
Other Cypress Devices
To date, Cypress has not observed vulnerabilities associated with CVE-2019-17061 and CVE-2019-16336 in other devices. Customers using other devices or requiring further assistance can receive support by creating a case through our secure support portal or by contacting their Cypress representative.
If you believe you have identified a vulnerability in any Cypress product, please visit our security response page and email the Product Security Incident Response Team (PSIRT) at psirt@cypress.com.
We use cookies and similar technologies (also from third parties) to collect your device and browser information for a better understanding on how you use our online offerings. This enables us to optimize and personalize your experience with Infineon and to provide you with additional services and information based on your individual profile. Details are available in our privacy policy where you can also change your preferences on cookies at any time.
By technically required cookies we mean cookies without those the technical provision of the online service cannot be ensured. These include e.g. cookies supporting essential services like a smooth reproduction of video or audio footage. So called ‘functional cookies’ are also assigned belonging to this category. Functional cookies store information in order to provide you comfortable use of our online services (e.g. language selection). The legal basis for the processing of personal data by means of cookies of this category is Infineon’s legitimate interest. This includes, among other things, the interest in having a professional external presentation as well as an optimal balancing of the loads on the server due to technical reasons.
By performance and marketing cookies we mean cookies which are technically not required. We use performance and marketing cookies only if you have given us your prior consent. With such cookies, we collect information about how users interact with our website and which pages have been visited. This helps us to understand user activity on our website on an aggregated as well as on a personal level to provide you relevant content and services.