NI Security Update for Microarchitectural Data Sampling Vulnerabilities

Aperçu

NI is aware of several side-channel vulnerabilities described in CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 known as Microarchitectural Data Sampling (MDS) affecting many modern microprocessors.  We have worked with our silicon providers to ensure that our products include the appropriate mitigations.

Contents

Mitigation Guidance

Apply the BIOS update provided by NI for your controller.

Affected Products

Affected PXI/PXI Express Controllers

Controller Model

BIOS Download

PXI-8102

PXI-8108

PXI-8110

No update available (Intel did not release patch CPU microcode)

PXIe-8101

PXIe-8102

PXIe-8108

No update available (Intel did not release patch CPU microcode)

PXI-8109

No update available (Intel did not release patch CPU microcode)

PXI-8115

No update available (EOL)

PXIe-8115

No update available (EOL)

PXI-8119

No update available (EOL)

PXIe-8133

No update available (Intel did not release patch CPU microcode)

PXIe-8135

1.2.7f0

PXI-8820

1.0.2f0 

PXIe-8820

1.2.2f0

PXIe-8821

2.1.7f0

PXIe-8830mc

No update available (cannot update BIOS)

PXI-8840

2.0.4f0

PXIe-8840

2.1.5f0

PXI-8840QC

2.02f0

PXIe-8840QC

2.1.7f0

PXIe-8861

19.5.1f0

PXIe-8880

2.1.6f0

Affected CompactDAQ/CompactRIO/Vision/OEM Controllers

Controller Model

BIOS Download

cDAQ-9138

cDAQ-9139

No update available (Intel did not release patch CPU microcode)

cDAQ-913x

1.3.2f0

cRIO-903x

1.3.4f0

cRIO-9032 WiFi

cRIO-9037 WiFi

1.3.2f0

cRIO-904x

Contact NI

cRIO-905x

2.1.1f0

cRIO-9081

cRIO-9082

No update available (Intel did not release patch CPU microcode)

CVS-1458 RT

CVS-1459 RT

1.3.3f1

CVS-1458 Windows

CVS-1459 Windows

1.3.5f100

IC-3120 RT

IC-3121 RT

1.3.4f0

IC-3120 Windows

IC-3121 Windows

1.3.4f100

IC-317x

1.1.3f0

sbRIO-96x8

2.1.1f0

USRP-2974

1.0.4f0

CVSS Score

CVE-2018-12126 - 5.6 - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVE-2018-12127 – 5.6 - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVE-2018-12130 – 5.6 - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVE-2019-11091 – 5.6 - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N