NI LabVIEW and SystemLink components are causing vulnerability

Updated May 27, 2025

Reported In

Software

  • SystemLink
  • LabVIEW

Other

The executables erl.exe and erlsvc.exe are not developed by NI. These executables are part of the Erlang Open Telecom Platform (OTP), an open-source runtime environment that NI bundles with some products to support messaging and web-based functionality.

Issue Details

Some customers report that erl.exe and erlsvc.exe, which are part of NI software such as SystemLink, RabbitMQ, LabVIEW AMQP messaging, or the NI System Web Server, are being flagged by IT security scans due to:

  • TLS Version 1.0 Protocol Detection
  • TLS Version 1.1 Protocol Detection
  • Weak or legacy cipher suite support
  • Listening on network ports (e.g., 4369 and dynamic high ports)

Solution

NI’s official security advisory on Erlang/SSH (NI Advisory on Erlang SSH Vulnerability) clarifies that SSH is not enabled or used in our deployments of Erlang/OTP. The IT flags described here, however, are not directly related to SSH vulnerabilities.

Instead, the issue stems from:

  • Erlang-based services bundled with NI components exposing legacy TLS versions (1.0/1.1).
  • Services that bind to network interfaces by default.
  • Open ports detected by enterprise network scanners.
  • Support for deprecated TLS versions (1.0 / 1.1) or older cipher suites.

In most cases, removing SystemLink components or LabVIEW messaging protocols (AMQP) resolves the issue by stopping the associated Erlang services (erl.exe, erlsvc.exe) and closing the ports.

It is important to note that this is not a sign of malware or unauthorized software. The binaries are signed by National Instruments and are installed as part of standard product functionality. However, due to security policies, IT departments may still request their removal or require mitigation. If the environment does not support removing the software components being flagged, please contact NI Technical Support.
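
A local check for the conditions described above, as an added example that is not NI's own tooling: it lists listening TCP sockets owned by erl.exe or erlsvc.exe (or bound to port 4369), shows whether each is bound to loopback only, and reports the Authenticode signer of the owning binary. It assumes Windows with the `Get-NetTCPConnection` cmdlet available; the function name `Get-ErlangListener` is hypothetical.

```powershell
# Added example (not NI code). Process names and port 4369 are taken from the article.
$erlangNames = 'erl', 'erlsvc'
$erlangPort  = 4369   # commonly held by epmd, the Erlang port mapper, so match on port too

function Get-ErlangListener {
    Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue | ForEach-Object {
        $conn = $_
        $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
        if (-not $proc) { return }
        if ($proc.ProcessName -notin $erlangNames -and $conn.LocalPort -ne $erlangPort) { return }

        # Path is empty when the session lacks rights to inspect the process.
        $signer = 'unknown (run elevated)'
        if ($proc.Path) {
            $sig = Get-AuthenticodeSignature -FilePath $proc.Path
            $signer = if ($sig.Status -eq 'Valid') { $sig.SignerCertificate.Subject }
                      else { "signature: $($sig.Status)" }
        }

        [pscustomobject]@{
            Process   = $proc.ProcessName
            ProcessId = $proc.Id
            Address   = $conn.LocalAddress
            Port      = $conn.LocalPort
            # 0.0.0.0 or :: means the socket is bound on every interface.
            Exposure  = if ($conn.LocalAddress -in '127.0.0.1', '::1') { 'loopback only' }
                        else { 'network-reachable' }
            Signer    = $signer
        }
    }
}

$found = @(Get-ErlangListener)
if ($found.Count -eq 0) {
    'No Erlang listeners found: erl/erlsvc are not listening and port 4369 is closed.'
} else {
    $found | Sort-Object Port | Format-Table -AutoSize
}
```

Run it before and after removing the SystemLink or AMQP components to confirm that the Erlang services have stopped and the ports are closed.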