Exclusive Webinar:

Join us Oct. 6 as Rockwell Automation & Dragos CEOs reshape the way you approach cybersecurity in manufacturing.

Skip to main content
Security Advisory

RemotePC Vulnerabilities

Risk Information

Possible Threat

CVE ID

CVE-2021-34687

CVE-2021-34688

CVE-2021-34689

CVE-2021-34690

CVE-2021-34691

CVE-2021-34692

Vunerability Type

Personal Key sent over the network in a recoverable form

Personal Key stored encrypted with static key

Plaintext Personal Key in log files

Cloud authentication bypass

Remote denial of service

Privilege escalation to SYSTEM

CVSS3 Score

5.3

5.3

5.5

8.8

7.5

7.8

CVSSv3 Vector

AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affecting

  • RemotePC for Windows before 7.6.48
  • RemotePC for Linux before 4.0.1
  • Mitigation

    Update RemotePC for Windows to 7.6.48 or later. Update RemotePC for Linux to 4.0.1 or later.

    06/17/2021