Return to newsletter page >

June 20, 2021

InterNiche NicheStack vulnerabilities updates

In 2016 HCC acquired the embedded networking business of InterNiche Inc., with the NicheStack TCP/IP stack as its primary and widely used product. We expressed our commitment to continue supporting InterNiche products, helping customers with design-in issues and integration assistance with HCC’s own products, and also to provide updates to ensure products stayed robust and secure. We have now extended our support by providing an overview on our website of identified potential vulnerabilities in the NicheStack.

If you run NicheStack in any of your products, please review the recently published Security Advisories page to get details of the identified issues, the affected versions, and available patch(es), or possible guidance on how to minimize and mitigate the associated risks. For all low/medium/high vulnerabilities currently (June 2021) listed as Security Advisories on the website, a new NicheStack update version v4.3 is available from our security support team.

Product updates/patches are free to customers whose software license is covered by an active Support & Maintenance agreement. Contact our Support team to determine which (partial) updates would best suit your application.
If you want to renew your Support & Maintenance agreement, leave a message on our sales contact page and our Sales team or authorized distribution partner will get in touch with you to review your options.
Sensitive information related to vulnerabilities is kept confidential to protect our users and their customers against possible security attacks. For customers with a Support & Maintenance agreement, detailed information is accessible now through PGP-encrypted communication with HCC’s Security Team. These customers can also register to be notified if new vulnerabilities are published in future.

Updating to a new InterNiche stack version
As mentioned above, a new version of v4.3 of NicheStack that addresses the identified potential security vulnerabilities is available from HCC. Replacing an older release of the stack with this new version may offer additional improvements over your current version, which could be a useful bonus.
HCC’s Consultancy and Services Team is available, if needed, to assist with rolling out the update efficiently to your application or developments, allowing your development team to continue working without interruption on new projects and products. HCC’s Sales Team can outline the different collaboration and assistance models and prepare a proposal.

Partner distributions of NicheStack and NicheLite
NicheStack has also been distributed by InterNiche partners such as Altera/Intel as part of the Nios II Embedded Design Suite (EDS). A demo/evaluation version of the stack (named NicheLite) has been distributed through many semiconductor vendors, including NXP (Freescale), STMicroelectronics, and Texas Instruments (Luminary). These distributions of the full NicheStack and NicheLite are also affected by the vulnerabilities. If you have applications based on these distributions, you may also get in contact with us through the mentioned communication channels.

For more information, visit the Security Advisories page.

If you have any questions, ideas or suggestions, please contact:
HCC's Security Team
Harm-Andre Verhoef
Marketing Director
HCC Embedded
Return to newsletter page >