Protecting You and Your Design


From time to time vulnerabilities that need immediate attention are discovered in communication protocols like TCP/IP, Bluetooth®, Wi-Fi® and other software implementations. Because these threats to your system are a primary concern for us, we keep a watch on these discoveries and provide fixes when necessary. We prioritize firmware updates to ensure threats are eliminated quickly, allowing you to keep your designs connected and protected.

Listed below are our responses to protocol and software implementation vulnerabilities that have been announced in the past. Click on a link to learn more about our response to the specific vulnerability.

| Name | Technology | Description |
|---|---|---|
| KRACK | Wi-Fi® | WPA2 (Wi-Fi Protected Access II) protocol, which is a widely used Wi-Fi security mechanism, is vulnerable to a Key Reinstallation attack (KRACK). This vulnerability is in the standard definition and not in a specific implementation. |
| Kr00k | Wi-Fi | Microchip is not affected by this Wi-Fi encryption vulnerability. |
| ANSSI Bluetooth Core Vulnerabilities | Bluetooth® | The Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) has disclosed reports for three vulnerabilities related to the Bluetooth Core Specification that include impersonation in the Passkey Entry protocol and the PIN Pairing procedure. |
| BlueBorne Attack Vector | Bluetooth | BlueBorne is an attack vector that exploits security gaps in Bluetooth Classic connections and can be used to execute malicious code on affected devices. |
| Key Negotiation of Bluetooth (KNOB) | Bluetooth | Key Negotiation of Bluetooth or KNOB affects Bluetooth Classic devices (devices using BR/EDR connections). It is vulnerable to an attacker reducing the negotiated encryption key length to a single octet, allowing a brute force attack to decrypt the data and inject data into a Bluetooth connection. |
| Sweyntooth | Bluetooth | This is a Bluetooth Low Energy (BLE) security vulnerability. A white paper detailing this vulnerability is available. |
| Bluetooth Impersonation Attacks (BIAS) | Bluetooth | This is a vulnerability found in the Bluetooth Core Specification that impacts Secure Connections in Bluetooth. LE Secure Connections, as part of the Bluetooth Low Energy Specification, is not affected. |
| Amnesia Network Stack (TCP/IP) Vulnerability | TCP/IP | This is a set of vulnerabilities in TCP/IP software. A white paper with more information about this vulnerability is available. |
| MiWi™ v6.5 Software Vulnerability (CVE-2021-37604 and CVE-2021-37605) | MiWi Software | In version 6.5 of our MiWi software, there is a possibility of frame counters being validated/updated prior to the message authentication. |
| Log4J | Java | A set of vulnerabilities has been discovered in the Log4j Java library, potentially allowing attackers to take control of systems and execute malicious commands. Read about our Storage Management Response to this vulnerability. At this time, development tools such as MPLAB® X and Microchip Studio Integrated Development Environments (IDEs), as well as our wireless products, are not affected by this vulnerability. Information regarding the status of other Microchip products will be added to this page as it becomes available. |
| FragAttacks | Wi-Fi | An attacker within range of an affected Wi-Fi device can exploit the vulnerabilities described in the study to inject arbitrary packets. This can potentially allow an attacker to steal user information or conduct unauthorized activities. |
| Deviating Behaviors in Different Bluetooth Low Energy (LE) Implementations | Bluetooth | Research conducted by Purdue University and Pennsylvania State University has uncovered five security vulnerabilities in the Bluetooth Low Energy peripheral implementations in various devices that affect Microchip Bluetooth products. |

How to Report Potential Product Security Vulnerabilities


The Microchip Product Security Incident Response Team (PSIRT) is responsible for receiving and responding to reports of potential security vulnerabilities in our products, as well as in any related hardware, software, firmware, and tools. Once a report is received, the PSIRT will take the necessary steps to review the issue and determine what actions might be required to address any potential impacts to our products.