NI Security Update for Salt

Overview

Two vulnerabilities were disclosed on April 30, 2020 in Salt, an open source project from SaltStack. These vulnerabilities are described in CVE-2020-11651 and CVE-2020-11652. Some NI products utilize Salt and are affected by these vulnerabilities. Refer to the table below for the full list of affected products. 

 

NI strongly recommends that you install these patches.  

Contents

Mitigation Guidance

If your system is connected to the internet, complete the following steps to install the patches:

  1. Launch NI Package Manager.
  2. Navigate to the Updates tab.
  3. Select the appropriate updates as described below.


If your system is not connected, you can download the offline installers listed in the table.

Affected Products

Product Version

Mitigation

SystemLink 2020 R1

Install Patch 2020 R1.1

SystemLink 19.6

Install Patch 19.6.3

Prior Versions of SystemLink

Upgrade to 19.6.3 or 2020 R1

LabVIEW NXG 5.0 Web Module

Install Patch 5.0.1

LabVIEW NXG 5.0 Real-Time Module

Install Patch 5.0.1

LabVIEW Communications System Design Suite 5.0

Install Patch 5.0.1

LabVIEW Communications System Design Suite 4.0

Install Patch 4.0.1

LabVIEW Communications System Design Suite 3.1

Install Patch 3.1.1

LabVIEW Communications System Design Suite 3.0

Install Patch 3.0.2

LabVIEW Communications System Design Suite 2.1

No Patch Available

LabVIEW Communications System Design Suite 2.0

No Patch Available

CVSS Score

CVE-2020-11651 - 9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2020-11652 - 6.5 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Further Information

At NI, we view the security of our products as an important part of our commitment to our customers.  Go to ni.com/security to stay informed and act upon security alerts and issues.

Was this information helpful?

Yes

No