We detect you are using an unsupported browser. For the best experience, please visit the site using Chrome, Firefox, Safari, or Edge. X
Maximize Your Experience: Reap the Personalized Advantages by Completing Your Profile to Its Fullest! Update Here
Stay in the loop with the latest from Microchip! Update your profile while you are at it. Update Here
Complete your profile to access more resources.Update Here!
0
$0.00
Item Qty
Your cart is empty.

Amnesia Network Stack (TCP/IP) Vulnerability

Microchip is aware of a Network software (TCP/IP) security vulnerability known as Amnesia:33, originally published by the US Department of Homeland Security (DHS) and CERT. Download the white paper to get additional information about this vulnerability. The vulnerability, which contains about 28 CVEs, affects TCP/IP software stacks used in embedded systems.

We take security issues seriously, and we are currently working to mitigate the issues and provide solutions for our clients. We have determined that this vulnerability affects some of our networking products. This page will provide the latest insight and may be updated from time to time.

Amnesia Affected Products

Our general-purpose microcontrollers are programmable with third-party TCP/IP stacks. We advise you to verify your applications against the white paper referred to above. Microchip’s distributed software and products affected by Amnesia and a proposed resolution are listed in the table below.

Device or Software Source Vulnerabilities Affected Resolution
WINC1500/WINC3400 Self-Disclosure CVE-2020-13987 (FSCT-2020-0009) 
CVE-2020-17439 (FSCT-2020-0017)
CVE-2020-17440 (FSCT-2020-0016)
CVE-2020-24334 (FSCT-2020-0030)
CVE-2020-24336 (FSCT-2020-0027)		 Fix developed in ATWINC3400 Firmware v1.4.1 and ATWINC1500 Firmware v19.7.3.
Preprogrammed modules with latest firmware expected in 2021.
MPLAB® Harmony v3 Framework Self-Disclosure CVE-2020-17439
CVE-2020-17441		 Fix developed, available in next version 3.7.0+
MPLAB Code Configurator (MCC) Framework Self-Disclosure CVE-2020-17470 (FSCT-2020-0025) Fix developed, available in version v2.2.14, Feb 2021
Microchip Libraries for Applications (MLA) Framework Self-Disclosure Same as WINC1500/WINC3400 Fix developed in ATWINC3400 Firmware v1.4.1 and ATWINC1500 Firmware v19.7.3
Legacy 6LowPAN solutions Self-Disclosure Likely. Uses Contiki OS. Fix not planned
WILC1000/WILC3000 Linux® Solution Self-Disclosure Not affected  
WILC1000/WILC3000 RTOS Solution Self-Disclosure Not affected  
RN131 Self-Disclosure Not affected