OTPulse

Geutebrück G-Cam and G-Code

Plan Patch | CVSS 7.2 | ICS-CERT ICSA-19-155-03 | Jun 4, 2019
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

Geutebruck G-Cam and G-Code IP cameras contain command injection (CWE-78) and cross-site scripting (CWE-79) vulnerabilities in the web management interface. An authenticated attacker could execute arbitrary commands as root on the camera, or inject malicious script into an operator's browser session. The vulnerabilities affect firmware versions 1.12.0.25 and earlier across ETHC-22xx, EFD-22xx, EBC-21xx, EEC-2xxx, and EWPC-22xx models.

What this means
What could happen
An attacker with administrative credentials could execute arbitrary code as root on Geutebruck IP cameras, potentially altering video feeds, disabling surveillance, or using the camera as a pivot point into the network. The attacker could also inject malicious code into a web browser session used to manage the camera.
Who's at risk
Security managers and operators responsible for Geutebruck IP camera systems used for facility surveillance and access control in utilities, manufacturing plants, and critical infrastructure. This affects all ETHC-22xx, EFD-22xx, EBC-21xx, EEC-2xxx, and EWPC-22xx camera models running firmware versions 1.12.0.25 or earlier.
How it could be exploited
An attacker with administrative access to the camera's web interface could inject malicious commands or script payloads through input fields. These would be executed on the camera system itself (remote code execution as root) or in the browser of any operator viewing the management console (cross-site scripting). The attacker must first authenticate or obtain admin credentials.
Prerequisites
  • Network access to the camera's web management interface (typically port 80/443)
  • Valid administrative credentials for the camera
  • Camera firmware version 1.12.0.25 or earlier
  • remotely exploitable
  • requires administrative credentials
  • affects surveillance systems
  • no authentication required for web interface in some configurations
Exploitability
Low exploit probability (EPSS 0.8%)
Affected products (5)
5 with fix
Product | Affected Versions | Fix Status
ETHC-22xx: All | ≤ 1.12.0.25 | 1.12.13.2 or later
EFD-22xx: All | ≤ 1.12.0.25 | 1.12.13.2 or later
EBC-21xx: All | ≤ 1.12.0.25 | 1.12.13.2 or later
EEC-2xxx: All | ≤ 1.12.0.25 | 1.12.13.2 or later
EWPC-22xx: All | ≤ 1.12.0.25 | 1.12.13.2 or later
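To apply the table above to a camera inventory, the following added example (not part of the advisory or any vendor tooling) classifies each device by model family and firmware version. The CSV layout, hostnames and sample models are constructed, and matching a model by its family prefix is an assumption; versions between 1.12.0.25 and 1.12.13.2 are reported as "verify" because the advisory does not state their status.

```python
import csv
import io
import re

AFFECTED_MAX = (1, 12, 0, 25)  # advisory: firmware <= 1.12.0.25 is affected
FIXED_MIN = (1, 12, 13, 2)     # advisory: fixed in 1.12.13.2 or later
# Model families from the advisory; each "x" stands for one digit.
FAMILIES = ["ETHC-22xx", "EFD-22xx", "EBC-21xx", "EEC-2xxx", "EWPC-22xx"]
FAMILY_RES = [re.compile(f.replace("x", r"\d"), re.I) for f in FAMILIES]

# Constructed sample inventory (hostnames, models and versions are made up).
SAMPLE = """host,model,firmware
cam-gate-01,EFD-2250,1.12.0.25
cam-dock-02,ETHC-2240,1.12.13.2
cam-yard-03,EBC-2112,1.12.0.27
cam-lab-04,EEC-2400,1.9.3.1
cam-lobby-05,OTHER-1000,1.0.0.0
cam-roof-06,EWPC-2270,unknown
"""

def parse_version(text):
    """Turn '1.12.0.25' into (1, 12, 0, 25) so 1.9.x sorts below 1.12.x."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(model, firmware):
    """Return 'affected', 'fixed', 'verify' or 'not-listed' for one device."""
    if not any(r.match(model.strip()) for r in FAMILY_RES):
        return "not-listed"
    try:
        version = parse_version(firmware)
    except ValueError:
        return "verify"      # unreadable version: check the device by hand
    if version <= AFFECTED_MAX:
        return "affected"
    if version >= FIXED_MIN:
        return "fixed"
    return "verify"          # between the two: the advisory does not say

def triage(csv_text):
    """Map each host in the inventory CSV to its classification."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["model"], r["firmware"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:14} {status}")
```

Comparing versions as integer tuples matters here: a plain string comparison would rank 1.9.3.1 above 1.12.0.25 and miss an affected device.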
Remediation & Mitigation
Do now
WORKAROUND: Restrict administrative access to the camera management interface to authorized engineering workstations only using firewall rules
HARDENING: Change default or weak administrative passwords on all cameras to complex credentials managed in a secure vault
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade all affected Geutebruck cameras (ETHC-22xx, EFD-22xx, EBC-21xx, EEC-2xxx, EWPC-22xx) to firmware version 1.12.13.2 or later
Long-term hardening
HARDENING: Place all IP cameras on a separate VLAN isolated from the business network and corporate systems
HARDENING: Restrict outbound network access from cameras to only required destinations
Geutebrück G-Cam and G-Code | CVSS 7.2 - OTPulse