NI SystemLink Server Ships Out of Date Redis Version

NI strongly recommends upgrading the affected software to address this vulnerability.  Refer to the Affected Products section to download the update.

FlexLogger versions 2023 Q3 and later no longer depend on the NI SystemLink KeyValue Database Service, which includes Redis. To remove Redis from an older FlexLogger system after upgrade:

1. Open NI Package Manager
   
2. Under Settings, check "Show full version numbers and hidden packages"
   
3. Click the INSTALLED tab to view all installed packages
   
4. Search installed packages for "redis" (press ENTER key after typing in the search field)
   
5. Confirm that FlexLogger is NOT included in the list of additional packages that will be removed
   
6. Check “NI SystemLink KeyValue Database Service” and press the Remove button
   

CVE-2024-6121 – 7.8 - CVSS:3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

At NI, we view the security of our products as an important part of our commitment to our customers.  Go to ni.com/security to stay informed and act upon security alerts and issues.

NI would like to thank 06fe5fd2bc53027c4a3b7e395af0b850e7b8a044 working with Trend Micro Zero Day Initiative for reporting this issue and working with us on coordinated disclosure.

• CVE-2024-6121 - National Vulnerability Database