We detect you are using an unsupported browser. For the best experience, please visit the site using Chrome, Firefox, Safari, or Edge. X
Maximize Your Experience: Reap the Personalized Advantages by Completing Your Profile to Its Fullest. Update Here
Stay in the loop with the latest from Microchip. Update your profile while you are at it. Update Here
Complete your profile to access more resources. Update Here
Cross-reference search

SweynTooth Bluetooth® Low Energy (LE) Vulnerability

Microchip is aware of a Bluetooth LE security vulnerability named SweynTooth, originally published by the Singapore University of Technology and Design. The white paper detailing this vulnerability is available at the following link: https://asset-group.github.io/disclosures/sweyntooth/ Vulnerability Paper

Microchip takes security issues seriously and is currently working to understand the issue and provide solutions for our clients. We have determined that this vulnerability affects some of our Bluetooth LE products. This page will provide the latest insight and will be updated regularly. 

Affected Products and Resolution

The table below lists Microchip products affected by SweynTooth and a proposed resolution. The affected Blueooth LE devices may become unresponsive and may require a reset from the host microcontroller when attacked.

CVE-2019-19194 (6.10) is one of the most serious of the  published vulnerabilities. It enables an attacker in range of the radio transmission to bypass the “Secure Connections” pairing mode. No Microchip devices are affected by the CVE-2019-19194 (6.10).

DeviceSourceVulnerabilities AffectedResolution
ATSAMB11White PaperCVE-2019-19195 (6.8)No update planned
WINC3400Self DisclosureCVE-2019-19195 (6.8)Firmware patch in development
WILC3000 (RTOS)Self DisclosureInvestigatingWill advise if fix is required
WILC3000 (Linux)N/A
NoneNot affected
RN4020Self DisclosureNo update planned
No update planned
IS1870
IS1871		Self DisclosureCVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)		Fixed in update to firmware
BM70
BM71		Self DisclosureCVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)		Fixed in update to firmware
RN4870
RN4871		Self DisclosureCVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)		Fixed in update to firmware
BTLC1000Self DisclosureCVE-2019-19195 (6.8)No update planned
IS1677
IS1678		Self DisclosureCVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)		IS1678 fixed in firmware updated
BM77
BM78		Self DisclosureCVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)		BM78 fixed in update to firmware
RN4677
RN4678		Self DisclosureCVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)		RN4678 fixed in update to firmware
IS2062
IS2063
IS2064
IS2066		Self DisclosureCVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)		Fixed in update to firmware
BM62
BM63
BM64		Self DisclosureCVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)		Fixed in update to firmware
IS2083Self DisclosureCVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)		Fixed in update to firmware
BM83Self DisclosureCVE-2019-17519 (6.1)
CVE-2019-17518 (6.4)
CVE-2019-19193 (6.5)		Fixed in update to firmware

Live Chat

Need Help?

Privacy Policy