Critical Flaws in VNC Threaten Industrial Environments

Kaspersky researchers have uncovered a total of 37 security vulnerabilities, including several critical flaws, in Virtual Network Computing (VNC), a graphical desktop-sharing system that is frequently used in industrial environments. The issues impact up to 600,000 Internet-facing servers.

Kaspersky warns that the use of VNC and other potentially vulnerable solutions designed for remotely controlling systems represents a serious security risk to the industrial sector “as potential damages can bring significant losses through disruption of complex production processes.” In a report for ICS CERT, Kaspersky explained that the issues, which include remote code execution (RCE) flaws, are all related to one of two attack vectors: “An attacker is on the same network with the VNC server and attacks it to gain the ability to execute code on the server with the server’s privileges; [or] a user connects to an attacker’s ‘server’ using a VNC client and the attacker exploits vulnerabilities in the client to attack the user and execute code on the user’s machine.”

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.