Embedded Systems
A TIMESYS SPOOKY EDITION
October 2023
WHAT’S INSIDE
- Cybersecurity news: “Worst Security Problem Found in cURL” Highlights Need for SBOMs and 1-Click Remote Attack CVE Discovered in libcue
- Introducing Timesys BSPM: Navigating the Challenge of Shortened LTS Timeline in Embedded Linux
- Webinar Recap: Mastering Cybersecurity Compliance in Medical Device Development, Even if You’re New
- Early Access: Join the Exclusive Waitlist for SBOM & CVE Mastery!
- A Very Special Hello from Our India Teams!
- Learn How to Test & Debug Anywhere in the World with Timesys – The Brains Connecting to Your Device: Timesys ZOMBIES?
- Upcoming: Events Around the World You Don’t Want to Miss
- From Regulatory Uncertainty to Expertise: SBOM, CVE, and Beyond: Your Roadmap to Medical Compliance Confidence and Brand Protection
Cybersecurity in the news
“Worst Security Problem Found in cURL” Highlights Need for SBOMs and 1-Click Remote Attack CVE Discovered in libcue
CVE-2023-38545
According to Daniel Stenberg, curl’s creator and core maintainer, this vulnerability is “the worst security problem found in curl in a long time.” The flaw makes curl overflow a heap-based buffer in the SOCKS5 proxy handshake.
A Rezilion article reviewing this vulnerability added that it presents “an interesting challenge for security teams wanting to get a head start on identifying affected assets – Since no vulnerability metadata has yet been published (specifically no CPE values), no vulnerability scanner will be able to detect it. This scenario highlights the necessity of having a queryable Software Bill of Materials (SBOM). If you have a queryable SBOM, you should utilize it to pinpoint all occurrences of curl & libcurl in your environment, so that once version 8.4.0 releases, you’ll be able to take immediate action.”
Need more info on this vulnerability?
CVE-2023-43641
As you may already know, libcue provides an API for parsing and extracting data from CUE sheets. However, versions 2.2.1 and prior are vulnerable to an out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners.
According to GitHub, “Sometimes a vulnerability in a seemingly innocuous library can have a large impact. Due to the way that it’s used by tracker-miners, this vulnerability in libcue became a 1-click RCE (Remote Code Execution). If you use GNOME, please update today!”
Need more info on this vulnerability?
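The SBOM query that the Rezilion quote describes, extended to the libcue version range given above, looks like this as an added example (not Timesys or Vigiles code). It assumes a CycloneDX-style JSON SBOM with exact component names; the sample SBOM, its component names, and the helper names are constructed for illustration.

```python
import re

# Rules from the newsletter: curl/libcurl fixed in 8.4.0; libcue 2.2.1 and prior affected.
# Flagging every curl release below 8.4.0 is a conservative assumption of this example.
RULES = {
    "curl": ("CVE-2023-38545", lambda v: v < (8, 4, 0)),
    "libcurl": ("CVE-2023-38545", lambda v: v < (8, 4, 0)),
    "libcue": ("CVE-2023-43641", lambda v: v <= (2, 2, 1)),
}

# Constructed sample in CycloneDX JSON layout; for a real SBOM use json.load().
SAMPLE_SBOM = {"bomFormat": "CycloneDX", "components": [
    {"name": "curl", "version": "8.3.0-r1"},
    {"name": "libcurl", "version": "8.4.0"},
    {"name": "firmware-updater", "version": "1.2", "components": [
        {"name": "libcurl", "version": "7.88.1"}]},
    {"name": "tracker-miners", "version": "3.4.3", "components": [
        {"name": "libcue", "version": "2.2.1"}]},
    {"name": "media-scanner", "version": "0.9", "components": [
        {"name": "libcue", "version": "git-snapshot"}]},
]}

def parse_version(text):
    """Leading dotted-numeric part as a 3-tuple, or None when there is none."""
    m = re.match(r"v?(\d+(?:\.\d+)*)", text or "")
    parts = [int(p) for p in m.group(1).split(".")][:3] if m else None
    return tuple(parts + [0] * (3 - len(parts))) if parts else None

def walk(components, path=()):
    """Yield (component, parent path), descending into bundled components."""
    for comp in components or []:
        yield comp, path
        yield from walk(comp.get("components"), path + (comp.get("name", "?"),))

def find_affected(sbom):
    """Return (name, version, cve, status, bundled_in) for every rule match."""
    findings = []
    for comp, path in walk(sbom.get("components")):
        rule = RULES.get(comp.get("name", "").lower())
        if rule is None:
            continue
        cve, is_affected = rule
        version = parse_version(comp.get("version"))
        if version is not None and not is_affected(version):
            continue  # patched release
        status = "affected" if version is not None else "unknown-version"
        findings.append((comp["name"], comp.get("version"), cve, status, "/".join(path)))
    return findings
```

Components whose version string cannot be parsed are reported as `unknown-version` rather than dropped, so bundled or snapshot copies still reach manual triage.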
With an average of 420 new CVEs every week, how do you cut through the noise and take action on the vulnerabilities that pose the largest threat to your device?
Vigiles, our SBOM management and CVE monitoring and remediation tool, combines a curated CVE database, a continuous security feed based on your Software Bill of Materials (SBOM), powerful filtering, and easy triage tools so you get automatic alerts of critical vulnerabilities affecting your devices.
Don’t have Vigiles?

Introducing Timesys BSPM
Navigating the Challenge of Shortened LTS Timeline in Embedded Linux
Webinar Recap
Mastering Cybersecurity Compliance in Medical Device Development, Even if You’re New to Compliance & Overwhelmed

Last week, Timesys hosted the first webinar in a series focused on taking you from regulatory uncertainty to regulatory expertise. In this first webinar, we went over all of the new industry requirements to stay compliant, what each of them means for medical device developers and manufacturers, and ways to effectively prepare for compliance without feeling overwhelmed, uncertain, or daunted by the process.
Missed the webinar? No worries! We’ll be sending a recording of the webinar out later this week to anyone that registered during or after the webinar, along with additional materials such as the slides from the session, the Q&A, and a self-assessment checklist to help you get started in your compliance process.
Early Access
Join the Exclusive Waitlist for SBOM & CVE Mastery!

This is a super secret message from Jon, that guy who bugs you with Vigiles emails.
Hello Cohort,
I broke into the newsletter with a special message for YOU! Guess what’s been cooking at Vigiles HQ? We’ve just wrapped up an electrifying series of webinars that spill the beans on mastering SBOMs and CVEs while unleashing the full potential of Vigiles for your monitoring, triage, and remediation needs.
Here’s the twist – these webinars were initially reserved for a top-secret group of Vigiles aficionados. But the buzz is too big to contain, and we’re opening the doors for YOU to join the elite ranks!
Want to be among the first to access this treasure trove of knowledge? Lock in your spot on the exclusive waitlist now! 🚀
Head straight to The End of Basic: The Training Montage and secure your place. You’ll be the first to get access when we open it up, and trust us, you won’t want to miss this! Let’s conquer SBOMs and CVEs together! 🚀💥
Staying Connected Around the Globe
A Very Special Hello from Our India Teams!

Hello from our India teams! Our CEO, Atul Bansal, and Office Manager, Ritu Bansal, traveled alongside our Chennai, Coimbatore, and Delhi, India teams to the Goa coastline to catch up with colleagues from every department. Pictured above and below are some of the captured moments of joy at Dona Paul Point, Novotel Goa, and Baga Beach.

As the company with the largest number of hardware partners worldwide, from SoC to SoM and SBC manufacturers and distributors, our global presence spans across continents. With development teams in the US and India, and sales and support extending to North America, EMEA, Japan, and Asia, we are proud to foster collaboration that knows no boundaries.
At Timesys, we cherish these moments that strengthen our bonds and keep us connected. Stay connected, just like our amazing teams in India!
Learn How to Test & Debug Anywhere in the World with Timesys
The Brains Connecting to Your Device: Timesys ZOMBIES?

How can you make your boards remotely accessible for collaborative software development, test automation, and debugging from anywhere in the world?
The Timesys Embedded Board Farm (EBF) and ZOMBIES, custom Timesys-developed hardware that can support up to 4 DUTs and be placed anywhere within your corporate network, offer a unique and immediate solution that bridges geographical gaps and adds your embedded products to your CI/CT process for higher quality and efficiency.
Upcoming
Events Around the World You Don’t Want to Miss

The Latest Developments in IoT Device Security
Digi, NXP, & Timesys Live Webinar
November 14 @ 10 AM US Central / 11 AM US Eastern / 6 PM EU Central / 9:30 PM India Standard
Ensure that your next product is part of a trusted and resilient security ecosystem with Digi, NXP, and Timesys.
IoT device security is changing rapidly. Organizations that build and deploy connected devices have heightened threat awareness, and government entities worldwide are developing legislation that requires embedded devices to be secure.
In this webinar, NXP Semiconductors and Gold Partners Digi International and Timesys will discuss the latest developments and what OEMs need to know. Attendees will learn best practices for developing and shipping secure connected devices.



From Regulatory Uncertainty to Expertise:
SBOM, CVE, and Beyond – Your Roadmap to Medical Compliance Confidence and Brand Protection
November 16 @ 12 PM EDT / 9 AM PT
In this live webinar and Q&A session, you’ll explore SBOM and CVE management and discover how to keep your products and devices compliant without complicating your development process. Say goodbye to complicated and unruly compliance processes and hello to efficient compliance practices that drive business growth! Your path to compliance clarity starts here!
