Skip to main content
Security Advisory

RemotePC Vulnerabilities

If possible, retire the use of this software as it isn't appropriate for an ICS network. Disable RemotePC's LAN access feature. Block remote access to port TCP/5970 and TCP/5980. Do not reuse Personal Keys. Always use a full length (15 character) securely generated Personal Key. Periodically review access logs from the RemotePC website to ensure no unexpected addresses are establishing desktop sessions.

Risk Information

affected product:

RemotePC for Windows before 7.6.48, RemotePC for Linux before 4.0.1

Possible Threat

CVE ID

CVE-2021-34687

CVE-2021-34688

CVE-2021-34689

CVE-2021-34690

CVE-2021-34691

CVE-2021-34692

ID

CVE-2021-34687

Source

Dragos

Skill Level

N/A

CVSSV3 BASE / TEMPORAL SCORE

N/A

CVSSV3 vector

N/A

Affecting

  • RemotePC for Windows before 7.6.48, RemotePC for Linux before 4.0.1
  • Vulnerability Type

    Exposure of Sensitive Information to an Unauthorized Actor

    Exposure of Sensitive Information Through Sent Data

    Authentication Bypass Using an Alternate Path or Channel

    Exposure of Sensitive Information to an Unauthorized Actor

    Improper Enforcement of Behavioral Workflow

    Privilege escalation to SYSTEM

    Disclosure Timeline

    06/17/2021 - Dragos discloses issue