Two vulnerabilities were disclosed on April 30, 2020 in Salt, an open source project from SaltStack. These vulnerabilities are described in CVE-2020-11651 and CVE-2020-11652. Some NI products utilize Salt and are affected by these vulnerabilities. Refer to the table below for the full list of affected products.
NI strongly recommends that you install these patches.
If your system is connected to the internet, complete the following steps to install the patches:
If your system is not connected, you can download the offline installers listed in the table.
Product Version | Mitigation |
|---|---|
SystemLink 2020 R1 | Install Patch 2020 R1.1 |
SystemLink 19.6 | Install Patch 19.6.3 |
Prior Versions of SystemLink | |
LabVIEW NXG 5.0 Web Module | Install Patch 5.0.1 |
LabVIEW NXG 5.0 Real-Time Module | Install Patch 5.0.1 |
LabVIEW Communications System Design Suite 5.0 | Install Patch 5.0.1 |
LabVIEW Communications System Design Suite 4.0 | Install Patch 4.0.1 |
LabVIEW Communications System Design Suite 3.1 | Install Patch 3.1.1 |
LabVIEW Communications System Design Suite 3.0 | Install Patch 3.0.2 |
LabVIEW Communications System Design Suite 2.1 | No Patch Available |
LabVIEW Communications System Design Suite 2.0 | No Patch Available |
CVE-2020-11651 - 9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2020-11652 - 6.5 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
At NI, we view the security of our products as an important part of our commitment to our customers. Go to ni.com/security to stay informed and act upon security alerts and issues.