cancel
Showing results for 
Search instead for 
Did you mean: 

Security Bulletin

Community Manager
Community Manager

Security Bulletin: BLE Security Vulnerabilities CVE-2019-17061 and CVE-2019-16336 (Status Update)

Security Bulletin: BLE Security Vulnerabilities

CVE-2019-17061 and CVE-2019-16336 (Status Update)

Cypress has reviewed and analyzed recent reports on BLE security vulnerabilities outlined in CVE-2019-17061 and CVE-2019-16336, collectively referred to as the SweynTooth Bluetooth Low Energy (BLE) vulnerabilities. These vulnerabilities have been addressed via firmware updates. Below is the status update:

Part

CVE

Updated FW

Release Date

PSoC 4 BLE

CVE-2019-17061

BLE Component 3.63
in PSoC Creator

October 2019

CVE-2019-16336

BLE Component 3.64 in PSoC Creator

March 2020

PSoC 6 BLE

CVE-2019-17061

BLE Middleware 3.30
used by ModusToolBox 2.x

November 2019

PDL 3.1.1 in PSoC Creator

January 2020

CVE-2019-16336

BLE Middleware 3.40
used by ModusToolBox 2.x

March 2020

PDL 3.1.2
in PSoC Creator

March 2020

Other Cypress Devices

To date, Cypress has not observed vulnerabilities associated with CVE-2019-17061 and CVE-2019-16336 in other devices. Customers using other devices or requiring further assistance can receive support by creating a case through our secure support portal or by contacting their Cypress representative.

If you believe you have identified a vulnerability in any Cypress product, please visit our security response page and email the Product Security Incident Response Team (PSIRT) at psirt@cypress.com.

0 Likes
About the Author
Community Manager, Strategist, Blogger, Moderator and Leader.