Cypress has responded (Cypress community login required).
Summary for 
We use a 43362 module and are vulnerable to “group 2” of the CVEs (CVE-2017-13080, CVE-2017-13081). By the end of October, Cypress will release the following WICED Studio versions that will address these CVEs:
- 4.1.3
- 5.2
- 6.0
As soon as we get those versions of WICED Studio, we’ll release system firmware versions with the patches. At that point, all of you can build your apps with those new system firmware versions, and all will be well.
Let us know if you have questions!
cc: @mdma @BDub @avtolstoy @sergey
EDIT: changed cypress community link to one I hope works better