erl.exe causing vulnerability "Weak SSL/TLS Key Exchange | port 5673/tcp over SSL"


@cordm wrote:

CVE-2025-32433

Erlang: Unauthenticated Remote Code Execution in Erlang/OTP SSH

Qualys: Erlang/OTP SSH Server Remote Code Execution Vulnerability (CVE-2025-32433)

 

A timely update would be nice..

 


Even an untimely one, although the former is better.

Bill
CLD
(Mid-Level minion.)
My support system ensures that I don't look totally incompetent.
Proud to say that I've progressed beyond knowing just enough to be dangerous. I now know enough to know that I have no clue about anything at all.
Humble author of the CLAD Nugget.
Message 12 of 15

All, thanks for your feedback. We are investigating this internally (where I work), as many labs in the company are using LabVIEW 2022Q3 for deployment, so it is not just a matter of upgrading one single laptop version, but many executables used in production.

In a nutshell, we believe that an "upgrade" to a newer LV version is not feasible, as it will create tons of work to upgrade everything and possibly break code.

Also, going into every single installation and removing SystemLink is not that feasible either, and it is not my call for other groups in the company.

We are very surprised that such an issue has not been addressed by NI earlier, as, as I said many times, we are using commercial security scan software... and such a vulnerability is quite significant. I would rather get a fix, such as a software patch offered by NI, to fix the version we are on.

 

Thanks

Regards

Anna

 

 

Message 13 of 15

@Annnina wrote:

All, thanks for your feedback. We are investigating this internally (where I work), as many labs in the company are using LabVIEW 2022Q3 for deployment, so it is not just a matter of upgrading one single laptop version, but many executables used in production.

In a nutshell, we believe that an "upgrade" to a newer LV version is not feasible, as it will create tons of work to upgrade everything and possibly break code.

Also, going into every single installation and removing SystemLink is not that feasible either, and it is not my call for other groups in the company.

We are very surprised that such an issue has not been addressed by NI earlier, as, as I said many times, we are using commercial security scan software... and such a vulnerability is quite significant. I would rather get a fix, such as a software patch offered by NI, to fix the version we are on.


How is applying a patch on every system easier than uninstalling a component like SystemLink? That said, a patch most likely consists simply of the installer of a new version of the SystemLink software.

Rolf Kalbermatter  My Blog
DEMO, Electronic and Mechanical Support department, room 36.LB00.390
Message 14 of 15

Hi Everyone, 

 

NI has investigated this issue and determined that NI software that includes Erlang/OTP is not affected by this vulnerability, since it does not enable or use SSH. Regardless, as you update NI software, updated versions of erl.exe will be pulled in that fully remediate this issue. At this time, NI does not intend to patch any products.

 

Cheers,

Mark

Mark
NI App Software R&D
Message 15 of 15