Had a chance to look at an n-Able / n-Central installation this morning. Turns out that the "Probe" component (installed on machines in remote networks to act as a centralized data collector within that network) does use the affected Orion DLL, but the version appears to be older than the malicious version.

If this hadn't been spotted sooner I wonder if the affected component would have ended up being bundled into n-Able and being shipped that way too.