SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-100357637] Geutebruck IP Cameras

Date: 2017-02-14
Type: Other
Platform: Geutebruck
Author: Florent Montel and Frederic Cikala discovered the authentication bypass vulnerability, and Davy Douhine of RandoriSec discovered
EDB-ID: N/A
CVE-ID: CVE-2017-5174, CVE-2017-5173
OSVDB-ID: N/A
Download App: N/A
SIS Signature: N/A

Source

#
# Geutebrück IP Cameras
#


### VULNERABLE VENDOR
Geutebrück


### VULNERABLE PRODUCT
IP Cameras



### RESEARCHER
Florent Montel and Frédéric Cikala discovered the authentication bypass vulnerability, and Davy Douhine of RandoriSec discovered the improper access control vulnerability.



### AFFECTED PRODUCTS

The following Geutebrück G-Cam IP camera version is affected:

G-Cam/EFD-2250 Version 1.11.0.12



### IMPACT

Successful exploitation of these vulnerabilities could allow the attacker to bypass authentication and obtain remote anonymous access to the device; these vulnerabilities may allow remote code execution.



### VULNERABILITY OVERVIEW

AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288
An authentication bypass vulnerability has been identified.
The existing file system architecture could allow attackers to bypass access control, which may allow remote code execution.
CVE-2017-5174 has been assigned to this vulnerability.
A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).


IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND CWE-78
An improper neutralization of special elements vulnerability has been identified.
If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root-level operating system, which could allow remote code execution.
CVE-2017-5173 has been assigned to this vulnerability.
A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).





### BACKGROUND

Critical Infrastructure Sectors: Commercial Facilities, Energy, Healthcare and Public Health
Countries/Areas Deployed: Europe, United States, Australia
Company Headquarters Location: Windhagen, Germany




### MITIGATION

Geutebrück recommends that customers download and update with the newest patch from the following location, which requires registering for a new web club account or logging into an existing account:

http://www.geutebrueck.com/en_EN/login.html