We detect you are using an unsupported browser. For the best experience, please visit the site using Chrome, Firefox, Safari, or Edge. X
Maximize Your Experience: Reap the Personalized Advantages by Completing Your Profile to Its Fullest! Update Here
Stay in the loop with the latest from Microchip! Update your profile while you are at it. Update Here
Complete your profile to access more resources.Update Here!

Wireless Software Vulnerability Response

Protecting You and Your Design

From time to time vulnerabilities that need immediate attention are discovered in communication protocols like TCP/IP, Bluetooth®, Wi-Fi® and other software implementations. Because these threats to your system are a primary concern for us, we keep a watch on these discoveries and provide fixes when necessary. We prioritize firmware updates to ensure threats are eliminated quickly, allowing you to keep your designs connected and protected.

Listed below are our responses to protocol and software implementation vulnerabilities that have been announced in the past. Click on a link to learn more about our response to the specific vulnerability.

Name Technology Description
Amnesia Network Stack (TCP/IP) Vulnerability TCP/IP This is a set of vulnerabilities in TCP/IP software. A white paper with more information about this vulnerability is available.
ANSSI Bluetooth Core Vulnerabilities Bluetooth® The Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) has disclosed reports for three vulnerabilities related to the Bluetooth Core Specification that includes impersonation in the Passkey Entry protocol and the PIN Pairing procedure.
Bluetooth Impersonation Attacks (BIAS) Bluetooth This is a vulnerability found in the Bluetooth Core Specification that impacts Secure Connections in Bluetooth. LE Secure Connections, as part of the Bluetooth Low Energy Specification, is not affected.
BlueBorne Attack Vector Bluetooth BlueBorne is an attack vector that exploits security gaps in Bluetooth Classic connections and can be used to execute malicious code on affected devices.
Deviating Behaviors in Bluetooth Low Energy Implementations Bluetooth Research conducted by Purdue University and Pennsylvania State University have uncovered five security vulnerabilities in the Bluetooth Low Energy peripheral implementations in various devices that affect Microchip Bluetooth products.
FragAttacks Wi-Fi® An attacker within range of an affected Wi-Fi device can exploit the vulnerabilities described in the study to inject arbitrary packets. This can potentially allow an attacker to steal user information or conduct unauthorized activities.
Key Negotiation of Bluetooth (KNOB) Bluetooth Key Negotiation of Bluetooth or KNOB affects Bluetooth Classic devices (devices using BR/ EDR connections). It  is vulnerable to an attacker reducing the negotiated encryption key length to a single octet, allowing a brute force attack to decrypt the data and inject data into a Bluetooth connection.
Kr00k Wi-Fi Microchip is not affected by this Wi-Fi encryption vulnerability.
Log4J Java A set of vulnerabilities has been discovered in the Log4j Java library, potentially allowing attackers to take control of systems and execute malicious commands. Read about our Storage Management Response to this vulnerability. At this time, development tools such as MPLAB® X and Microchip Studio Integrated Development Environments (IDEs), as well as our wireless products are not affected by this vulnerability. Information regarding the status of other Microchip products will be added to this page as it becomes available.
MiWi™ 6.5 Software Vulnerabilities MiWi In version 6.5 of our MiWi software, there is a possibility of frame counters being validated/updated prior to the message authentication.
Sweyntooth Bluetooth This is a Bluetooth Low Energy (BLE) security vulnerability. A white paper detailing this vulnerability is available.
WPA2 Protocol KRACK Vulnerability Wi-Fi WPA2 (Wi-Fi Protected Access II) protocol, which is a widely used Wi-Fi security mechanism, is vulnerable to a Key Reinstallation attack (KRACK). This vulnerability is in the standard definition and not in a specific implementation.

How to Report Potential Product Security Vulnerabilities

The Microchip Product Security Incident Response Team (PSIRT) is responsible for receiving and responding to reports of potential security vulnerabilities in our products, as well as in any related hardware, software, firmware and tools. Once a report is received, the PSIRT will take the necessary steps to review the issue and determine what actions might be required to address any potential impacts to our products.