The open-source Virtual Network Computing (VNC) project, often found in industrial environments, is plagued with 37 different bugs. Many of the bugs are critical in severity and some could result in remote code execution. Around 600,000 web-accessible servers in systems that use the code could be affected by the bugs. Approximately 32 percent of industrial network computers have some form of remote administration tools, including VNC, according to Kaspersky researchers. A significant number of the problems detailed in the research were found and reported last year, but each of the projects examined also had newly discovered bugs.
Source: https://threatpost.com/critical-flaws-vnc-industrial/150568/