CISA
Critical infrastructure
News

Security loopholes identified in Geutebrück G-Cam E2 and G-Code IP cameras

July 31, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) disclosed on Tuesday the presence of multiple vulnerabilities in several Geutebrück G-Cam E2 and Encoder G-Code IP cameras in an Industrial Control Systems (ICS) advisory.

Security researchers at RandoriSec earlier this month detected serious vulnerabilities in the firmware provided by UDP Technology to Geutebrück and many other IP camera vendors. 

“We’ve already reported several critical vulnerabilities (from RCE to Authentication Bypass) discovered on Geutebruck products,” Titouan Lazard and Ibrahim Ayadhi wrote in a RandoriSec blog post. “Geutebruck has always been our main contact to reach UDP Technology. In fact, UDP Technology never deigned to acknowledge our reports despite numerous mails and LinkedIn messages. Because new firmwares were released, sometimes failing to patch correctly reported vulnerabilities, we decided to follow the release of newer firmware, looking for more vulnerabilities.”

Following the unwillingness of firmware supplier UDP Technology to respond, RandoriSec worked with Geutebrück, to correct the 11 authenticated remote code execution (RCE) and a complete authentication bypass that they found in the firmware. RCE is a software security flaw/vulnerability that enables a malicious hacker to execute code of their choice on a remote machine over LAN, WAN, or internet, without gaining physical access to the device. An RCE vulnerability can lead to loss of control over the system or some of its individual components, apart from theft of sensitive information or data.

Deployed globally across critical infrastructure environments, such as energy, healthcare and public health and transportation systems, the Geutebrück G-Cam E2 and G-Code hardware contained security vulnerabilities that could allow unauthenticated access to sensitive information, stack-based buffer overflow and command injection conditions. These weaknesses may allow remote code execution using low attack complexity and public exploits are available. 

The affected Geutebrück devices, containing the third-party firmware provided by UDP Technology, are the E2 Series cameras – G-CAM versions 1.12.0.27 and prior, versions 1.12.13.2 and 1.12.14.5, along with EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx. The affected Encoder G-Code are versions 1.12.0.27 and prior, versions 1.12.13.2 and 1.12.14.5, along with EEC-2xx and EEN-20xx. UDP Technology supplies multiple OEMs such as Geutebrück with firmware for IP cameras.

RandoriSec’s Lazard and Ayadhi reported these vulnerabilities to CISA, according to the agency’s advisory.

“As you can imagine, the combination of unauthorized access to sensitive files combined with that many RCE vulnerabilities creates a treasure trove for attackers, and finding an attack method that works for you is trivial. And it should not come as a surprise that public exploits are available,” Pieter Arntz, a malware intelligence researcher at MalwareBytes, wrote in a Wednesday blog post.

“Even an attacker having access to your live-stream can be bad enough, but an attacker that has full control of your IP camera is even worse,” according to Arntz. “And, sure enough, a combination of the unauthorized access and some of the RCE vulnerabilities can allow an attacker to achieve root on the IP camera’s that are running on the vulnerable firmware,” he added.

Last August, the Geutebrück G-Cam and G-Code equipment detected the presence of an OS Command Injection vulnerability, which affected firmware versions 1.12.0.25 and prior as well as the limited versions 1.12.13.2 and 1.12.14.5 of some Encoder and E2 Series Camera models. 

Geutebrück in Germany has advised its users, including Geutebrück G-Cam E2 and Encoder G-Code users, to update all affected cameras and encoders listed to firmware version 1.12.14.7 or later. The security advisory and the latest firmware can both be acquired on the company web portal (login required).

In case the updates cannot be deployed, Geutebrück asked users to change the default passwords of the cameras, minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet, in addition to locating control system networks and remote devices behind firewalls and isolate them from the business network to minimize the risk of exploitation of these vulnerabilities.

When remote access is required, Geutebrück suggested using secure methods, like virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Users must ultimately shut down or disconnect the cameras from the network.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation