From Friday, April 19th (11:00 PM CDT) through Saturday, April 20th (2:00 PM CDT), 2024, ni.com will undergo system upgrades that may result in temporary service interruption.

We appreciate your patience as we improve our online experience.

Home Community Discussion Forums Most Active Software Boards SystemLink Community Hub Engage SystemLink Forum Topic

SystemLink Forum

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Systemlink and NI web server - Possible Log4j vulnerability?

Systemlink and NI web server - Possible Log4j vulnerability?

‎12-15-2021 04:09 AM - edited ‎12-15-2021 04:14 AM

Labels:

I have SystemLink installed on a PC. It is not so much that I wanted to use SystemLink, but I did need the NI web server, which is a key component within SystemLink.

The NI web server is based on Apache httpd and therefore I fear it might possibly be vulnerable for Log4j exploits.

I have not heard from NI yet on if/how this affects applications built on Systemlink or webservices using the NI web server or even the NI application server.

 

 

 

------------------------------------------------------------------------------------
Seriously concerned about the Labview subscription model
View All (3)
0 Kudos
Message 1 of 6
(3,411 Views)
Reply

Re: Systemlink and NI web server - Possible Log4j vulnerability?

‎12-15-2021 08:48 AM - edited ‎12-15-2021 08:49 AM

SystemLink doesn't include any Java-based services or 3rd party components, so it shouldn't be affected.

 

https://knowledge.ni.com/KnowledgeArticleDetails?id=kA03q000001DtSPCA0&l=en-US

 

0 Kudos
Message 2 of 6
(3,363 Views)
Reply

Re: Systemlink and NI web server - Possible Log4j vulnerability?

‎12-15-2021 09:03 AM

@aartjan, the official statement from NI is:

 

"NI is aware of CVE-2021-44228, which describes a critical vulnerability in Apache log4j. We are currently investigating to determine which, if any, products are affected by this. We will provide additional information as we learn more."
0 Kudos
Message 3 of 6
(3,360 Views)
Reply

Re: Systemlink and NI web server - Possible Log4j vulnerability?

‎12-16-2021 06:17 AM - edited ‎12-16-2021 06:18 AM

@AustinMan@NI

 

Is there a knowledgebase article link that has that information in it that will be updated once you have concluded your internal investigations? I'd like a statement that covers all NI software e.g. LabVIEW / Drivers / Toolkits for our auditing purposes.

LabVIEW Champion, CLA, CLED, CTD
(blog)
0 Kudos
Message 4 of 6
(3,170 Views)
Reply

Re: Systemlink and NI web server - Possible Log4j vulnerability?

‎12-16-2021 07:03 AM

@Sam_Sharp The best KnowledgeBase to follow is one that was published yesterday:

 

https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerabi...

0 Kudos
Message 5 of 6
(3,145 Views)
Reply

Re: Systemlink and NI web server - Possible Log4j vulnerability?

‎12-22-2021 11:17 AM

Does NI have any updates on this issue?

0 Kudos
Message 6 of 6
(2,515 Views)
Reply