I just came across this recent advisory (https://labs.f-secure.com/advisories/saltstack-authorization-bypass) which describes two vulnerabilities in SaltStack that bypass authorization mechanisms. I cannot tell if SystemLink is affected by this and would like someone to clear this up.
I'm not sure if SystemLink is affected or not, but we do not use the default ZeroMQ transport that was referenced in the CVE. We had some problems with the ZeroMQ transport initially, so we disable it in our install and instead use one of their newer transports, TCP Tornado.
In addition, we will update the version of Salt we are using in a future release which includes a patch for the issue.
After looking at this some more I can confirm that SystemLink is affected. This is really easy to exploit. You should limit access to the server to known devices until this is patched.
There have been a number of compromised systems running Salt masters on Linux servers; some had crypto miners installed.
Some links with more information:
Patches for SystemLink Server (19.6.3 and 2020 R1.1) and other products have been released. Those updates are available in NI Package Manager or by downloading the installer. See this link for details:
For previous versions of SystemLink Server, NI recommends upgrading to 19.6.3 or 2020 R1.1.