Multiple vulnerabilities in Geutebrck G-Cam E2 and G-Code



Published: 2021-07-28
Risk High
Patch available YES
Number of vulnerabilities 12
CVE-ID CVE-2021-33543
CVE-2021-33544
CVE-2021-33545
CVE-2021-33546
CVE-2021-33547
CVE-2021-33548
CVE-2021-33549
CVE-2021-33550
CVE-2021-33551
CVE-2021-33552
CVE-2021-33553
CVE-2021-33554
CWE-ID CWE-306
CWE-77
CWE-121
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #6 is available.
Public exploit code for vulnerability #7 is available.
Public exploit code for vulnerability #8 is available.
Public exploit code for vulnerability #9 is available.
Public exploit code for vulnerability #10 is available.
Public exploit code for vulnerability #11 is available.
Public exploit code for vulnerability #12 is available.
Vulnerable software
Subscribe
G-Cam E2
Hardware solutions / Firmware

G-Code
Hardware solutions / Firmware

Vendor GEUTEBRÜCK GmbH

Security Bulletin

This security bulletin contains information about 12 vulnerabilities.

1) Missing Authentication for Critical Function

EUVDB-ID: #VU55386

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-33543

CWE-ID: CWE-306 - Missing Authentication for Critical Function

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to default user authentication settings. A remote attacker can gain access to sensitive files and gain access to the target system.

This vulnerability affects the following devices:

  • E2 Series cameras – G-CAM
    • EBC-21xx
    • EFD-22xx
    • ETHC-22xx
    • EWPC-22xx
  • Encoder G-Code
    • EEC-2xx
    • EEN-20xx

Mitigation

Install updates from vendor's website.

Vulnerable software versions

G-Cam E2: 1.12.0.27 - 1.12.14.5

G-Code: 1.12.0.27 - 1.12.14.5

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-208-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Command Injection

EUVDB-ID: #VU55387

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-33544

CWE-ID: CWE-77 - Command injection

Exploit availability: Yes

Description

The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

This vulnerability affects the following devices:

  • E2 Series cameras – G-CAM
    • EBC-21xx
    • EFD-22xx
    • ETHC-22xx
    • EWPC-22xx
  • Encoder G-Code
    • EEC-2xx
    • EEN-20xx

Mitigation

Install updates from vendor's website.

Vulnerable software versions

G-Cam E2: 1.12.0.27 - 1.12.14.5

G-Code: 1.12.0.27 - 1.12.14.5

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-208-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Stack-based buffer overflow

EUVDB-ID: #VU55388

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-33545

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the counter parameter. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

This vulnerability affects the following devices:

  • E2 Series cameras – G-CAM
    • EBC-21xx
    • EFD-22xx
    • ETHC-22xx
    • EWPC-22xx
  • Encoder G-Code
    • EEC-2xx
    • EEN-20xx

Mitigation

Install updates from vendor's website.

Vulnerable software versions

G-Cam E2: 1.12.0.27 - 1.12.14.5

G-Code: 1.12.0.27 - 1.12.14.5

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-208-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Stack-based buffer overflow

EUVDB-ID: #VU55389

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-33546

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the name parameter. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

This vulnerability affects the following devices:

  • E2 Series cameras – G-CAM
    • EBC-21xx
    • EFD-22xx
    • ETHC-22xx
    • EWPC-22xx
  • Encoder G-Code
    • EEC-2xx
    • EEN-20xx

Mitigation

Install updates from vendor's website.

Vulnerable software versions

G-Cam E2: 1.12.0.27 - 1.12.14.5

G-Code: 1.12.0.27 - 1.12.14.5

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-208-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Stack-based buffer overflow

EUVDB-ID: #VU55390

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-33547

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the profile parameter. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

This vulnerability affects the following devices:

  • E2 Series cameras – G-CAM
    • EBC-21xx
    • EFD-22xx
    • ETHC-22xx
    • EWPC-22xx
  • Encoder G-Code
    • EEC-2xx
    • EEN-20xx

Mitigation

Install updates from vendor's website.

Vulnerable software versions

G-Cam E2: 1.12.0.27 - 1.12.14.5

G-Code: 1.12.0.27 - 1.12.14.5

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-208-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Command Injection

EUVDB-ID: #VU55391

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-33548

CWE-ID: CWE-77 - Command injection

Exploit availability: Yes

Description

The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

This vulnerability affects the following devices:

  • E2 Series cameras – G-CAM
    • EBC-21xx
    • EFD-22xx
    • ETHC-22xx
    • EWPC-22xx
  • Encoder G-Code
    • EEC-2xx
    • EEN-20xx

Mitigation

Install updates from vendor's website.

Vulnerable software versions

G-Cam E2: 1.12.0.27 - 1.12.14.5

G-Code: 1.12.0.27 - 1.12.14.5

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-208-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Stack-based buffer overflow

EUVDB-ID: #VU55392

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-33549

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: Yes

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the action parameter. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

This vulnerability affects the following devices:

  • E2 Series cameras – G-CAM
    • EBC-21xx
    • EFD-22xx
    • ETHC-22xx
    • EWPC-22xx
  • Encoder G-Code
    • EEC-2xx
    • EEN-20xx

Mitigation

Install updates from vendor's website.

Vulnerable software versions

G-Cam E2: 1.12.0.27 - 1.12.14.5

G-Code: 1.12.0.27 - 1.12.14.5

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-208-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Command Injection

EUVDB-ID: #VU55393

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-33550

CWE-ID: CWE-77 - Command injection

Exploit availability: Yes

Description

The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

This vulnerability affects the following devices:

  • E2 Series cameras – G-CAM
    • EBC-21xx
    • EFD-22xx
    • ETHC-22xx
    • EWPC-22xx
  • Encoder G-Code
    • EEC-2xx
    • EEN-20xx

Mitigation

Install updates from vendor's website.

Vulnerable software versions

G-Cam E2: 1.12.0.27 - 1.12.14.5

G-Code: 1.12.0.27 - 1.12.14.5

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-208-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Command Injection

EUVDB-ID: #VU55398

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-33551

CWE-ID: CWE-77 - Command injection

Exploit availability: Yes

Description

The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

This vulnerability affects the following devices:

  • E2 Series cameras – G-CAM
    • EBC-21xx
    • EFD-22xx
    • ETHC-22xx
    • EWPC-22xx
  • Encoder G-Code
    • EEC-2xx
    • EEN-20xx

Mitigation

Install updates from vendor's website.

Vulnerable software versions

G-Cam E2: 1.12.0.27 - 1.12.14.5

G-Code: 1.12.0.27 - 1.12.14.5

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-208-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Command Injection

EUVDB-ID: #VU55399

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-33552

CWE-ID: CWE-77 - Command injection

Exploit availability: Yes

Description

The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

This vulnerability affects the following devices:

  • E2 Series cameras – G-CAM
    • EBC-21xx
    • EFD-22xx
    • ETHC-22xx
    • EWPC-22xx
  • Encoder G-Code
    • EEC-2xx
    • EEN-20xx

Mitigation

Install updates from vendor's website.

Vulnerable software versions

G-Cam E2: 1.12.0.27 - 1.12.14.5

G-Code: 1.12.0.27 - 1.12.14.5

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-208-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Command Injection

EUVDB-ID: #VU55400

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-33553

CWE-ID: CWE-77 - Command injection

Exploit availability: Yes

Description

The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

This vulnerability affects the following devices:

  • E2 Series cameras – G-CAM
    • EBC-21xx
    • EFD-22xx
    • ETHC-22xx
    • EWPC-22xx
  • Encoder G-Code
    • EEC-2xx
    • EEN-20xx

Mitigation

Install updates from vendor's website.

Vulnerable software versions

G-Cam E2: 1.12.0.27 - 1.12.14.5

G-Code: 1.12.0.27 - 1.12.14.5

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-208-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Command Injection

EUVDB-ID: #VU55401

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-33554

CWE-ID: CWE-77 - Command injection

Exploit availability: Yes

Description

The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

This vulnerability affects the following devices:

  • E2 Series cameras – G-CAM
    • EBC-21xx
    • EFD-22xx
    • ETHC-22xx
    • EWPC-22xx
  • Encoder G-Code
    • EEC-2xx
    • EEN-20xx

Mitigation

Install updates from vendor's website.

Vulnerable software versions

G-Cam E2: 1.12.0.27 - 1.12.14.5

G-Code: 1.12.0.27 - 1.12.14.5

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-208-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###