
Geutebrück GmbH has a firmware update to mitigate an OS command injection vulnerability in its E2 Camera Series, according to a report from NCCIC.

Successful exploitation of this remotely exploitable vulnerability may allow a remote attacker to inject OS commands as root.


E2 series cameras running firmware versions prior to 1.12.0.25 suffer from the issue, discovered by Davy Douhine of RandoriSec. Douhine validated that the new version of the firmware resolves the reported vulnerability.

The DDNS configuration (in the Network Configuration panel) is vulnerable to an OS command injection as root.
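
An added example, not Geutebrück's firmware code and not part of the advisory: one way a DDNS settings handler can avoid this class of flaw is to check every field against an allowlist and hand the values to the updater as an argument vector, with no shell involved. The updater path `/usr/sbin/ddns-update`, its flags and the function names are hypothetical.

```python
import re
import subprocess

UPDATER = "/usr/sbin/ddns-update"  # hypothetical updater binary, not from the advisory

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# Account name: starts with an alphanumeric so it can never look like an option.
_USER = re.compile(r"[A-Za-z0-9][A-Za-z0-9._@-]{0,63}")


def valid_hostname(name: str) -> bool:
    """Allowlist check; fullmatch() also rejects a trailing newline that '$' would accept."""
    if not name or len(name) > 253:
        return False
    return all(_LABEL.fullmatch(label) for label in name.split("."))


def build_ddns_request(hostname: str, username: str, password: str):
    """Validate the DDNS form fields and return (argv, stdin_bytes) for the updater."""
    if not valid_hostname(hostname):
        raise ValueError("invalid DDNS hostname")
    if not _USER.fullmatch(username):
        raise ValueError("invalid DDNS username")
    if not password or any(ord(c) < 0x20 or ord(c) == 0x7F for c in password):
        raise ValueError("invalid DDNS password")
    # Each value is its own argv element, so no shell ever parses it.
    # The password travels on stdin to keep it out of the process list.
    argv = [UPDATER, "--host", hostname, "--user", username, "--password-stdin"]
    return argv, (password + "\n").encode()


def apply_ddns_settings(hostname: str, username: str, password: str) -> None:
    """Run the updater without a shell; raises on bad input or a non-zero exit."""
    argv, stdin_bytes = build_ddns_request(hostname, username, password)
    subprocess.run(argv, input=stdin_bytes, shell=False, check=True, timeout=30)


if __name__ == "__main__":
    # Constructed sample inputs: one well-formed, three that must be rejected.
    for host in ("cam1.example.org", "cam1.example.org; echo injected",
                 "cam1.example.org\n", "-v.example.org"):
        try:
            print(repr(host), "->", build_ddns_request(host, "operator", "s3cret")[0])
        except ValueError as err:
            print(repr(host), "-> rejected:", err)
```
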


CVE-2018-19007 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.2.

The product sees use in the commercial facilities, energy, financial services, and healthcare and public health sectors. It is deployed in Europe, the United States, and Australia.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

Germany-based Geutebrück recommends E2 series IP camera users download and update to the newest firmware version, 1.12.0.25, by registering for a new WebClub account, or by logging into an existing account.
