SystemLink Forum

cancel
Showing results for 
Search instead for 
Did you mean: 

Systemlink and NI web server - Possible Log4j vulnerability?

I have SystemLink installed on a PC. It is not so much that I wanted to use SystemLink, but I did need the NI web server, which is a key component within SystemLink.

The NI web server is based on Apache httpd and therefore I fear it might possibly be vulnerable for Log4j exploits.

I have not heard from NI yet on if/how this affects applications built on Systemlink or webservices using the NI web server or even the NI application server.

 

 

 

------------------------------------------------------------------------------------
Seriously concerned about the Labview subscription model
0 Kudos
Message 1 of 6
(3,323 Views)

SystemLink doesn't include any Java-based services or 3rd party components, so it shouldn't be affected.

 

https://knowledge.ni.com/KnowledgeArticleDetails?id=kA03q000001DtSPCA0&l=en-US

 

0 Kudos
Message 2 of 6
(3,275 Views)

@aartjan, the official statement from NI is:

 

"NI is aware of CVE-2021-44228, which describes a critical vulnerability in Apache log4j. We are currently investigating to determine which, if any, products are affected by this. We will provide additional information as we learn more."
0 Kudos
Message 3 of 6
(3,272 Views)

@AustinMan@NI

 

Is there a knowledgebase article link that has that information in it that will be updated once you have concluded your internal investigations? I'd like a statement that covers all NI software e.g. LabVIEW / Drivers / Toolkits for our auditing purposes.


LabVIEW Champion, CLA, CLED, CTD
(blog)
0 Kudos
Message 4 of 6
(3,082 Views)

@Sam_Sharp The best KnowledgeBase to follow is one that was published yesterday:

 

https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerabi...

0 Kudos
Message 5 of 6
(3,057 Views)

Does NI have any updates on this issue?

0 Kudos
Message 6 of 6
(2,427 Views)