RemotePC Vulnerabilities
If possible, retire this software, as it isn't appropriate for an ICS network. Disable RemotePC's LAN access feature. Block remote access to ports TCP/5970 and TCP/5980. Do not reuse Personal Keys. Always use a full-length (15-character), securely generated Personal Key. Periodically review access logs from the RemotePC website to ensure no unexpected addresses are establishing desktop sessions.
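One way to confirm that the block on TCP/5970 and TCP/5980 is effective is to test both ports from a machine outside the protected segment. The script below is an added example, not code from Dragos or the RemotePC vendor; the function names are illustrative and the host list is supplied by the operator for their own assets.

```python
import socket
import sys

# Ports the advisory says to block from remote access.
REMOTEPC_PORTS = (5970, 5980)


def probe(host, port, timeout=2.0):
    """Classify one TCP port as seen from this vantage point.

    "open"     - handshake completed: the port is still reachable
    "closed"   - connection refused: host reachable, nothing listening
    "filtered" - no answer before the timeout: consistent with a firewall drop
    "error"    - any other failure (name resolution, no route, ...)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "error"


def audit_hosts(hosts, ports=REMOTEPC_PORTS, timeout=2.0):
    """Return {host: {port: state}} for every host and port checked."""
    return {h: {p: probe(h, p, timeout) for p in ports} for h in hosts}


def exposed(report):
    """Return sorted (host, port) pairs where the block is not effective."""
    return sorted((h, p) for h, states in report.items()
                  for p, s in states.items() if s == "open")


if __name__ == "__main__":
    # Usage: python check_ports.py <host> [<host> ...]
    findings = exposed(audit_hosts(sys.argv[1:]))
    for host, port in findings:
        print(f"{host}: TCP/{port} is still reachable")
    sys.exit(1 if findings else 0)
```

A "closed" result only shows that no service answered on that port at test time; "filtered" is the result expected once a firewall rule is dropping the traffic.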
Affected product:
RemotePC for Windows before 7.6.48, RemotePC for Linux before 4.0.1
Possible Threat
CVE ID
CVE-2021-34687
CVE-2021-34688
CVE-2021-34689
CVE-2021-34690
CVE-2021-34691
CVE-2021-34692
ID
CVE-2021-34687
Source
Dragos
Skill Level
N/A
CVSSV3 BASE / TEMPORAL SCORE
N/A
CVSSV3 vector
N/A
Affecting
Vulnerability Type
Exposure of Sensitive Information to an Unauthorized Actor
Exposure of Sensitive Information Through Sent Data
Authentication Bypass Using an Alternate Path or Channel
Exposure of Sensitive Information to an Unauthorized Actor
Improper Enforcement of Behavioral Workflow
Privilege escalation to SYSTEM
Disclosure Timeline
06/17/2021 - Dragos discloses issue