OTPulse

Geutebrück G-Cam E2 and G-Code

Act Now | 9.8 | ICS-CERT ICSA-21-208-03 | Jul 27, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

UDP Technology firmware used in Geutebrück IP cameras and encoders contains multiple critical vulnerabilities including missing authentication (CWE-306), command injection (CWE-77), and buffer overflow (CWE-121). Successful exploitation allows unauthenticated remote attackers to access sensitive information or execute arbitrary code. Affected firmware versions: 1.12.0.27, 1.12.13.2, 1.12.14.5 and earlier.

What this means
What could happen
An attacker with network access could remotely take complete control of your IP cameras and encoders without credentials, potentially disabling surveillance, accessing video streams, or using the devices as a staging point to attack your facility network.
Who's at risk
Security teams and facility managers operating Geutebrück IP cameras and encoders (models EFD-22xx, ETHC-22xx, EWPC-22xx, EBC-21xx, EEC-2xx, EEN-20xx). This includes water utilities, electric utilities, and other infrastructure operators who rely on networked video surveillance for site security and monitoring.
How it could be exploited
An attacker sends a malformed UDP or network packet to the camera on its default port. Because there is no authentication check, the packet is processed. The buffer overflow or command injection vulnerability allows the attacker to execute arbitrary commands on the camera with root privileges, bypassing all security controls.
Prerequisites
  • Network access to the IP camera (default port and protocol not specified in advisory; assume UDP/TCP on standard video ports)
  • No credentials required
Risk factors
  • Remotely exploitable over network
  • No authentication required
  • Low complexity attack (likely script-based exploitation)
  • Very high exploit probability (EPSS 94.3%)
  • No patch available for end-of-life products
  • Affects safety/security monitoring systems
Exploitability
High exploit probability (EPSS 94.3%)
Affected products (6)
6 with fix
Product      Affected Versions                        Fix Status
EFD-22xx     ≤ 1.12.0.27 | 1.12.13.2 | 1.12.14.5      1.12.14.7 or later
ETHC-22xx    ≤ 1.12.0.27 | 1.12.13.2 | 1.12.14.5      1.12.14.7 or later
EWPC-22xx    ≤ 1.12.0.27 | 1.12.13.2 | 1.12.14.5      1.12.14.7 or later
EEC-2xx      ≤ 1.12.0.27 | 1.12.13.2 | 1.12.14.5      1.12.14.7 or later
EEN-20xx     ≤ 1.12.0.27 | 1.12.13.2 | 1.12.14.5      1.12.14.7 or later
EBC-21xx     ≤ 1.12.0.27 | 1.12.13.2 | 1.12.14.5      1.12.14.7 or later
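To triage a device inventory against the table above, the following is an added example (not part of the advisory or any vendor tooling). It assumes the trailing "x" characters in model names are wildcards matched by prefix; the status labels and the inventory rows are constructed for illustration. Firmware below the fix but not explicitly listed is flagged separately so it still gets updated.

```python
import re

# Values from the advisory table: model families, listed affected versions, fixed release.
FAMILIES = ("EFD-22xx", "ETHC-22xx", "EWPC-22xx", "EBC-21xx", "EEC-2xx", "EEN-20xx")
LISTED_MAX = (1, 12, 0, 27)                       # "≤ 1.12.0.27"
LISTED_EXACT = {(1, 12, 13, 2), (1, 12, 14, 5)}   # individually listed builds
FIXED = (1, 12, 14, 7)                            # "1.12.14.7 or later"

def in_scope(model):
    """Assumption: trailing 'x' characters are wildcards, so match on the prefix."""
    m = model.strip().upper()
    return any(m.startswith(f.rstrip("x").upper()) for f in FAMILIES)

def parse_version(text):
    """Return a 4-tuple of ints for a dotted numeric version, else None."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        return None
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (4 - len(parts))        # 1.12.14 compares as 1.12.14.0

def triage(model, version):
    """Classify one device; labels are hypothetical names chosen for this example."""
    if not in_scope(model):
        return "out-of-scope"
    v = parse_version(version)
    if v is None:
        return "manual-review"                    # unreadable version: check the device
    if v >= FIXED:
        return "fixed"
    if v <= LISTED_MAX or v in LISTED_EXACT:
        return "affected"
    return "below-fix-unlisted"                   # not listed, but older than the fix

# Constructed inventory rows (model, firmware) for demonstration only.
INVENTORY = [
    ("EFD-2250", "1.12.0.27"),
    ("ETHC-2230", "1.12.14.5"),
    ("EEC-2400", "1.12.14.7"),
    ("EEN-2010", "1.12.14.6"),
    ("EBC-2110", "v1.12-beta"),
    ("XYZ-1000", "1.0.0.0"),
]

if __name__ == "__main__":
    for model, version in INVENTORY:
        print(f"{model:10} {version:12} {triage(model, version)}")
```

Devices reported as "affected", "below-fix-unlisted" or "manual-review" belong on the firmware update list; everything except "out-of-scope" and "fixed" should also stay behind the firewall restrictions until updated.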
Remediation & Mitigation
Do now
  • WORKAROUND: Change default passwords on all cameras immediately
  • WORKAROUND: Restrict network access to cameras using firewall rules; block inbound traffic from the Internet and business networks
  • WORKAROUND: Disconnect or power down cameras that cannot be updated or protected, if surveillance is not critical
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update firmware on all affected cameras and encoders to version 1.12.14.7 or later
  • HARDENING: If remote access to cameras is required, use a VPN with current security patches; restrict VPN access to authorized staff only
Long-term hardening
  • HARDENING: Isolate camera network behind a separate VLAN or air-gapped segment from business and operational networks