Microchip is aware of a Network software (TCP/IP) security vulnerability known as Amnesia:33, originally published by the US Department of Homeland Security (DHS) and CERT. Download the white paper to get additional information about this vulnerability. The vulnerability, which contains about 28 CVEs, affects TCP/IP software stacks used in embedded systems.
We take security issues seriously, and we are currently working to mitigate the issues and provide solutions for our clients. We have determined that this vulnerability affects some of our networking products. This page will provide the latest insight and may be updated from time to time.
Our general-purpose microcontrollers are programmable with third-party TCP/IP stacks. We advise you to verify your applications against the white paper referred to above. Microchip’s distributed software and products affected by Amnesia and a proposed resolution are listed in the table below.