cvelistv5 - CVE-2019-10956

CVE-2019-10956 (GCVE-0-2019-10956)

Vulnerability from cvelistv5 – Published: 2020-01-17 17:52 – Updated: 2024-08-04 22:40

Summary

Severity ?

No CVSS data available.

CWE

CWE-78 - IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78

Assigner

icscert

References

URL

	Vendor	Product	Version
	n/a	Geutebruck IP Cameras	Affected: G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior

GHSA-3MJ4-2258-CJ4P

Vulnerability from github – Published: 2022-05-24 17:06 – Updated: 2022-05-24 17:06

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-10956"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-01-17T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root.",
  "id": "GHSA-3mj4-2258-cj4p",
  "modified": "2022-05-24T17:06:51Z",
  "published": "2022-05-24T17:06:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10956"
    },
    {
      "type": "WEB",
      "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2020-22346

Vulnerability from cnvd - Published: 2020-04-12

Title

Geutebrück G-Cam和G-Code OS命令注入漏洞

Description

G-Cam是Geutebrück公司推出的网络摄像头系列。G-Code是Geutebrück公司推出的模拟视频编码器。 Geutebrück G-Cam和G-Code存在OS命令注入漏洞。该漏洞源于外部输入数据构造操作系统可执行命令过程中，网络系统或产品未正确过滤其中的特殊字符、命令等。攻击者可利用该漏洞执行非法操作系统命令。

Severity

高

Patch Name

Geutebrück G-Cam和G-Code OS命令注入漏洞的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://ics-cert.us-cert.gov/advisories/ICSA-19-155-03

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-19-155-03

Impacted products

Name
['Geutebruck G-Cam（EBC-21xx、EFD-22xx、ETHC-22xx、EWPC-22xx） <=1.12.0.25', 'Geutebruck G-Code（EEC-2xxx） <=1.12.0.25']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-10956"
    }
  },
  "description": "G-Cam\u662fGeutebr\u00fcck\u516c\u53f8\u63a8\u51fa\u7684\u7f51\u7edc\u6444\u50cf\u5934\u7cfb\u5217\u3002G-Code\u662fGeutebr\u00fcck\u516c\u53f8\u63a8\u51fa\u7684\u6a21\u62df\u89c6\u9891\u7f16\u7801\u5668\u3002\n\nGeutebr\u00fcck G-Cam\u548cG-Code\u5b58\u5728OS\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5916\u90e8\u8f93\u5165\u6570\u636e\u6784\u9020\u64cd\u4f5c\u7cfb\u7edf\u53ef\u6267\u884c\u547d\u4ee4\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u8fc7\u6ee4\u5176\u4e2d\u7684\u7279\u6b8a\u5b57\u7b26\u3001\u547d\u4ee4\u7b49\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://ics-cert.us-cert.gov/advisories/ICSA-19-155-03",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-22346",
  "openTime": "2020-04-12",
  "patchDescription": "G-Cam\u662fGeutebr\u00fcck\u516c\u53f8\u63a8\u51fa\u7684\u7f51\u7edc\u6444\u50cf\u5934\u7cfb\u5217\u3002G-Code\u662fGeutebr\u00fcck\u516c\u53f8\u63a8\u51fa\u7684\u6a21\u62df\u89c6\u9891\u7f16\u7801\u5668\u3002\r\n\r\nGeutebr\u00fcck G-Cam\u548cG-Code\u5b58\u5728OS\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5916\u90e8\u8f93\u5165\u6570\u636e\u6784\u9020\u64cd\u4f5c\u7cfb\u7edf\u53ef\u6267\u884c\u547d\u4ee4\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u8fc7\u6ee4\u5176\u4e2d\u7684\u7279\u6b8a\u5b57\u7b26\u3001\u547d\u4ee4\u7b49\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Geutebr\u00fcck G-Cam\u548cG-Code OS\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Geutebruck G-Cam\uff08EBC-21xx\u3001EFD-22xx\u3001ETHC-22xx\u3001EWPC-22xx\uff09 \u003c=1.12.0.25",
      "Geutebruck G-Code\uff08EEC-2xxx\uff09 \u003c=1.12.0.25"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-19-155-03",
  "serverity": "\u9ad8",
  "submitTime": "2019-06-05",
  "title": "Geutebr\u00fcck G-Cam\u548cG-Code OS\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

VAR-202001-1487

Vulnerability from variot - Updated: 2023-12-18 12:27

Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root. Geutebruck IP Camera G-Code and G-Cam In OS A command injection vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. G-Cam is a web camera series launched by Geutebrück. G-Code is an analog video encoder launched by Geutebrück.

Geutebrück G-Cam and G-Code have OS command injection vulnerabilities. The vulnerability stems from the fact that external input data constructs executable commands for the operating system, and the network system or product does not properly filter special characters and commands. Attackers can use this vulnerability to execute illegal operating system commands. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and inject and execute arbitrary commands. Other attacks are also possible. The following products of Geutebruck are affected: G-Code EEC-2xxx version 1.12.0.25 and prior G-Cam EBC-21xx version 1.12.0.25 and prior G-Cam EFD-22xx version 1.12.0.25 and prior G-Cam ETHC-22xx version 1.12.0.25 and prior G-Cam EWPC-22xx version 1.12.0.25 and prior

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202001-1487",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "g-cam ebc-2111",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "geutebrueck",
        "version": "1.12.0.25"
      },
      {
        "model": "g-cam efd-2241",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "geutebrueck",
        "version": "1.12.0.25"
      },
      {
        "model": "g-cam ebc-2110",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "geutebrueck",
        "version": "1.12.0.25"
      },
      {
        "model": "g-cam efd-2250",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "geutebrueck",
        "version": "1.12.0.25"
      },
      {
        "model": "g-cam ethc-2240",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "geutebrueck",
        "version": "1.12.0.25"
      },
      {
        "model": "g-cam ethc-2249",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "geutebrueck",
        "version": "1.12.0.25"
      },
      {
        "model": "g-cam ewpc-2270",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "geutebrueck",
        "version": "1.12.0.25"
      },
      {
        "model": "g-cam ethc-2230",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "geutebrueck",
        "version": "1.12.0.25"
      },
      {
        "model": "g-cam ethc-2239",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "geutebrueck",
        "version": "1.12.0.25"
      },
      {
        "model": "g-code eec-2400",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "geutebrueck",
        "version": "1.12.0.25"
      },
      {
        "model": "g-cam efd-2240",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "geutebrueck",
        "version": "1.12.0.25"
      },
      {
        "model": "g-cam/ebc-2110",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "geutebruck",
        "version": "1.12.0.25"
      },
      {
        "model": "g-cam/ebc-2111",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "geutebruck",
        "version": "1.12.0.25"
      },
      {
        "model": "g-cam/efd-2240",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "geutebruck",
        "version": "1.12.0.25"
      },
      {
        "model": "g-cam/efd-2241",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "geutebruck",
        "version": "1.12.0.25"
      },
      {
        "model": "g-cam/efd-2250",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "geutebruck",
        "version": "1.12.0.25"
      },
      {
        "model": "g-cam/ethc-2230",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "geutebruck",
        "version": "1.12.0.25"
      },
      {
        "model": "g-cam/ethc-2239",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "geutebruck",
        "version": "1.12.0.25"
      },
      {
        "model": "g-cam/ethc-2240",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "geutebruck",
        "version": "1.12.0.25"
      },
      {
        "model": "g-cam/ethc-2249",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "geutebruck",
        "version": "1.12.0.25"
      },
      {
        "model": "g-code/eec-2400",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "geutebruck",
        "version": "1.12.0.25"
      },
      {
        "model": "g-cam",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "geutebruck",
        "version": "\u003c=1.12.0.25"
      },
      {
        "model": "g-code",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "geutebruck",
        "version": "\u003c=1.12.0.25"
      },
      {
        "model": "g-code/eec-2xxx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "geutebruck",
        "version": "1.12.0.25"
      },
      {
        "model": "g-cam/ewpc-22xx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "geutebruck",
        "version": "1.12.0.25"
      },
      {
        "model": "g-cam/ethc-22xx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "geutebruck",
        "version": "1.12.0.25"
      },
      {
        "model": "g-cam/efd-22xx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "geutebruck",
        "version": "1.12.0.25"
      },
      {
        "model": "g-cam/ebc-21xx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "geutebruck",
        "version": "1.12.0.25"
      },
      {
        "model": "g-code/eec-2xxx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "geutebruck",
        "version": "1.12.13.2"
      },
      {
        "model": "g-cam/ewpc-22xx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "geutebruck",
        "version": "1.12.13.2"
      },
      {
        "model": "g-cam/ethc-22xx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "geutebruck",
        "version": "1.12.13.2"
      },
      {
        "model": "g-cam/efd-22xx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "geutebruck",
        "version": "1.12.13.2"
      },
      {
        "model": "g-cam/ebc-21xx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "geutebruck",
        "version": "1.12.13.2"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22346"
      },
      {
        "db": "BID",
        "id": "108579"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014194"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10956"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:geutebrueck:g-code_eec-2400_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.12.0.25",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:geutebrueck:g-code_eec-2400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ebc-2110_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.12.0.25",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ebc-2110:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ebc-2111_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.12.0.25",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ebc-2111:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_efd-2240_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.12.0.25",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_efd-2240:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_efd-2241_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.12.0.25",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_efd-2241:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_efd-2250_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.12.0.25",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_efd-2250:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2230_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.12.0.25",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ethc-2230:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2240_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.12.0.25",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ethc-2240:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2239_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.12.0.25",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ethc-2239:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2249_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.12.0.25",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ethc-2249:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ewpc-2270_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.12.0.25",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ewpc-2270:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-10956"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Romain Luyer and Guillaume Gronnier from CEIS, and Davy Douhine from RandoriSec reported these vulnerabilities to NCCIC., and Davy Douhine from RandoriSec, and Davy Douhine from RandoriSec.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-088"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-10956",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2019-10956",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2020-22346",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.2,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-10956",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-10956",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-22346",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201906-088",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-10956",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22346"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10956"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014194"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10956"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-088"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root. Geutebruck IP Camera G-Code and G-Cam In OS A command injection vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. G-Cam is a web camera series launched by Geutebr\u00fcck. G-Code is an analog video encoder launched by Geutebr\u00fcck. \n\r\n\r\nGeutebr\u00fcck G-Cam and G-Code have OS command injection vulnerabilities. The vulnerability stems from the fact that external input data constructs executable commands for the operating system, and the network system or product does not properly filter special characters and commands. Attackers can use this vulnerability to execute illegal operating system commands. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user and inject and execute arbitrary commands. Other attacks are also possible. \nThe following products of Geutebruck are affected:\nG-Code EEC-2xxx version 1.12.0.25 and prior\nG-Cam EBC-21xx version 1.12.0.25 and prior\nG-Cam EFD-22xx version 1.12.0.25 and prior\nG-Cam ETHC-22xx version 1.12.0.25 and prior\nG-Cam EWPC-22xx version 1.12.0.25 and prior",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-10956"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014194"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-22346"
      },
      {
        "db": "BID",
        "id": "108579"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10956"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "ICS CERT",
        "id": "ICSA-19-155-03",
        "trust": 3.4
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10956",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "108579",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014194",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-22346",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-088",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10956",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22346"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10956"
      },
      {
        "db": "BID",
        "id": "108579"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014194"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10956"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-088"
      }
    ]
  },
  "id": "VAR-202001-1487",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22346"
      }
    ],
    "trust": 1.5125
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22346"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:27:45.179000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.geutebrueck.com/"
      },
      {
        "title": "Patch for Geutebr\u00fcck G-Cam and G-Code OS command injection vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/213553"
      },
      {
        "title": "Multiple Geutebr\u00fcck Product Command Injection Vulnerability Fixes",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93177"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22346"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014194"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-088"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014194"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10956"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-155-03"
      },
      {
        "trust": 1.6,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-155-03"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10956"
      },
      {
        "trust": 0.9,
        "url": "https://www.geutebrueck.com/en_en.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10956"
      },
      {
        "trust": 0.7,
        "url": "https://www.securityfocus.com/bid/108579"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/78.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22346"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10956"
      },
      {
        "db": "BID",
        "id": "108579"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014194"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10956"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-088"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22346"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-10956"
      },
      {
        "db": "BID",
        "id": "108579"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014194"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-10956"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-088"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-22346"
      },
      {
        "date": "2020-01-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-10956"
      },
      {
        "date": "2019-06-05T00:00:00",
        "db": "BID",
        "id": "108579"
      },
      {
        "date": "2020-02-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014194"
      },
      {
        "date": "2020-01-17T18:15:12.040000",
        "db": "NVD",
        "id": "CVE-2019-10956"
      },
      {
        "date": "2019-06-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-088"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-22346"
      },
      {
        "date": "2020-01-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-10956"
      },
      {
        "date": "2019-06-05T00:00:00",
        "db": "BID",
        "id": "108579"
      },
      {
        "date": "2020-02-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014194"
      },
      {
        "date": "2020-01-24T22:10:30.303000",
        "db": "NVD",
        "id": "CVE-2019-10956"
      },
      {
        "date": "2020-01-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-088"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-088"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Geutebruck IP Camera G-Code and  G-Cam In  OS Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014194"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-088"
      }
    ],
    "trust": 0.6
  }
}

ICSA-19-155-03

Vulnerability from csaf_cisa - Published: 2019-06-04 00:00 - Updated: 2019-06-04 00:00

Summary

Geutebrück G-Cam and G-Code

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities could allow remote code execution as root and remote code execution in the browser of the IP camera operator.

Critical infrastructure sectors

Commercial Facilities, Energy, Financial Services, Government Facilities, Healthcare and Public Health, Transportation Systems

Countries/areas deployed

Worldwide

Company headquarters location

Germany

Recommended Practices

NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.

Recommended Practices

NCCIC also recommends that users take the following measures to protect themselves from social engineering attacks:

Exploitability

No known public exploits specifically target these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Romain Luyer",
          "Guillaume Gronnier"
        ],
        "organization": "CEIS",
        "summary": "reporting these vulnerabilities to NCCIC"
      },
      {
        "names": [
          "Davy Douhine"
        ],
        "organization": "RandoriSec",
        "summary": "reporting these vulnerabilities to NCCIC"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow remote code execution as root and remote code execution in the browser of the IP camera operator.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Commercial Facilities, Energy, Financial Services, Government Facilities, Healthcare and Public Health, Transportation Systems",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC also recommends that users take the following measures to protect themselves from social engineering attacks:",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-155-03 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-155-03.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-155-03 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-155-03"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-155-03"
      }
    ],
    "title": "Geutebr\u00fcck G-Cam and G-Code",
    "tracking": {
      "current_release_date": "2019-06-04T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-19-155-03",
      "initial_release_date": "2019-06-04T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2019-06-04T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-19-155-03 Geutebruck IP Cameras"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.12.0.25",
                "product": {
                  "name": "EFD-22xx: All versions 1.12.0.25 and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "EFD-22xx"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.12.0.25",
                "product": {
                  "name": "EBC-21xx: All versions 1.12.0.25 and prior",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "EBC-21xx"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.12.0.25",
                "product": {
                  "name": "EEC-2xxx: All versions 1.12.0.25 and prior",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "EEC-2xxx"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.12.0.25",
                "product": {
                  "name": "EWPC-22xx: All versions 1.12.0.25 and prior",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "EWPC-22xx"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.12.0.25",
                "product": {
                  "name": "ETHC-22xx: All versions 1.12.0.25 and prior",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "ETHC-22xx"
          }
        ],
        "category": "vendor",
        "name": "Geutebr\u00c3\u00bcck"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-10957",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A cross-site scripting vulnerability allows a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user \u0027s browser.CVE-2019-10957 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10957"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Geutebruck recommends users upgrade to the latest firmware, Version 1.12.13.2 or later. ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://www.geutebrueck.com/en_EN/login.html"
        },
        {
          "category": "mitigation",
          "details": "Geutebruck has also released a security advisory",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://portal.geutebrueck.com/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-10956",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Using a specially crafted URL command, a remote authenticated user can execute commands as root.CVE-2019-10956 has been assigned to this vulnerability. A CVSS v3 base score of 7.2 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10956"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Geutebruck recommends users upgrade to the latest firmware, Version 1.12.13.2 or later. ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://www.geutebrueck.com/en_EN/login.html"
        },
        {
          "category": "mitigation",
          "details": "Geutebruck has also released a security advisory",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://portal.geutebrueck.com/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2019-10958",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "User input is not properly validated, which could allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root.CVE-2019-10958 has been assigned to this vulnerability. A CVSS v3 base score of 7.2 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10958"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Geutebruck recommends users upgrade to the latest firmware, Version 1.12.13.2 or later. ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://www.geutebrueck.com/en_EN/login.html"
        },
        {
          "category": "mitigation",
          "details": "Geutebruck has also released a security advisory",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://portal.geutebrueck.com/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    }
  ]
}

FKIE_CVE-2019-10956

Vulnerability from fkie_nvd - Published: 2020-01-17 18:15 - Updated: 2024-11-21 04:20

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	ics-cert@hq.dhs.gov	https://www.us-cert.gov/ics/advisories/ICSA-19-155-03	Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	https://www.us-cert.gov/ics/advisories/ICSA-19-155-03	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
geutebrueck	g-code_eec-2400_firmware	*
geutebrueck	g-code_eec-2400	-
geutebrueck	g-cam_ebc-2110_firmware	*
geutebrueck	g-cam_ebc-2110	-
geutebrueck	g-cam_ebc-2111_firmware	*
geutebrueck	g-cam_ebc-2111	-
geutebrueck	g-cam_efd-2240_firmware	*
geutebrueck	g-cam_efd-2240	-
geutebrueck	g-cam_efd-2241_firmware	*
geutebrueck	g-cam_efd-2241	-
geutebrueck	g-cam_efd-2250_firmware	*
geutebrueck	g-cam_efd-2250	-
geutebrueck	g-cam_ethc-2230_firmware	*
geutebrueck	g-cam_ethc-2230	-
geutebrueck	g-cam_ethc-2240_firmware	*
geutebrueck	g-cam_ethc-2240	-
geutebrueck	g-cam_ethc-2239_firmware	*
geutebrueck	g-cam_ethc-2239	-
geutebrueck	g-cam_ethc-2249_firmware	*
geutebrueck	g-cam_ethc-2249	-
geutebrueck	g-cam_ewpc-2270_firmware	*
geutebrueck	g-cam_ewpc-2270	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geutebrueck:g-code_eec-2400_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CF8C5A5-0F3A-467A-AFD2-E60ADA62CCBF",
              "versionEndIncluding": "1.12.0.25",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geutebrueck:g-code_eec-2400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C32316BD-4862-47BC-9CDF-8461B0867284",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geutebrueck:g-cam_ebc-2110_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8EB2851-9D8A-487C-9B71-5BF9EB5048A7",
              "versionEndIncluding": "1.12.0.25",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geutebrueck:g-cam_ebc-2110:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8752CB59-2B2F-49DA-9307-8B4BDB081494",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geutebrueck:g-cam_ebc-2111_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "775DBC94-B21B-40D1-8E5F-6FCC422CBFD4",
              "versionEndIncluding": "1.12.0.25",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geutebrueck:g-cam_ebc-2111:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA6A053D-DD65-4FC3-A053-FE3FB3E640F5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geutebrueck:g-cam_efd-2240_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FD3D4CF-129F-4AAA-9FC3-35C3DFB5ED17",
              "versionEndIncluding": "1.12.0.25",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geutebrueck:g-cam_efd-2240:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B75A2AE-8029-4BF1-8B13-5698738ADD8D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geutebrueck:g-cam_efd-2241_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "32B9BEC3-0176-4985-BE0A-54287072E21B",
              "versionEndIncluding": "1.12.0.25",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geutebrueck:g-cam_efd-2241:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFAA8B7F-8CFF-4BE9-9301-0D60FF3370DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geutebrueck:g-cam_efd-2250_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "00C44320-C897-4D9A-AE77-6DAE7180AF07",
              "versionEndIncluding": "1.12.0.25",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geutebrueck:g-cam_efd-2250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A628256-3DB6-4316-BF48-16C7147702F7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geutebrueck:g-cam_ethc-2230_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2947E7D8-912F-48BB-B0CA-4223A76B8E1D",
              "versionEndIncluding": "1.12.0.25",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geutebrueck:g-cam_ethc-2230:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A04410F-F5DD-4C0A-ADC5-F531418BC6A2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geutebrueck:g-cam_ethc-2240_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A2E4987-7C8C-441E-ADAA-F2E9642DABA6",
              "versionEndIncluding": "1.12.0.25",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geutebrueck:g-cam_ethc-2240:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "57913EDA-9EA4-449E-ADE0-B785073AA92C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geutebrueck:g-cam_ethc-2239_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3052946A-3500-4824-A032-9E7E2861959A",
              "versionEndIncluding": "1.12.0.25",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geutebrueck:g-cam_ethc-2239:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B4318D-1EF6-4697-B613-601B099D0A29",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geutebrueck:g-cam_ethc-2249_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F94563FF-BF68-43F4-873A-DC6FCCC08EE2",
              "versionEndIncluding": "1.12.0.25",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geutebrueck:g-cam_ethc-2249:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAF52FD5-3CD6-4463-9B89-546AF6FFEF03",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geutebrueck:g-cam_ewpc-2270_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "922E63BC-4703-4120-8AC4-5ED1EECC085E",
              "versionEndIncluding": "1.12.0.25",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geutebrueck:g-cam_ewpc-2270:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B1CC8C3-EC7A-4BE2-AA0E-38DA0783FC68",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root."
    },
    {
      "lang": "es",
      "value": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): todas las versiones 1.12.0.25 y anteriores, pueden permitir un usuario autenticado remoto, utilizando un comando URL dise\u00f1ado, ejecutar comandos como root."
    }
  ],
  "id": "CVE-2019-10956",
  "lastModified": "2024-11-21T04:20:13.833",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-17T18:15:12.040",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2019-10956

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-10956

Aliases

CVE-2019-10956

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-10956",
    "description": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root.",
    "id": "GSD-2019-10956"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-10956"
      ],
      "details": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root.",
      "id": "GSD-2019-10956",
      "modified": "2023-12-13T01:23:57.895532Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2019-10956",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Geutebruck IP Cameras",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND (\u0027OS COMMAND INJECTION\u0027) CWE-78"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03",
            "refsource": "MISC",
            "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:geutebrueck:g-code_eec-2400_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.12.0.25",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:geutebrueck:g-code_eec-2400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ebc-2110_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.12.0.25",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ebc-2110:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ebc-2111_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.12.0.25",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ebc-2111:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_efd-2240_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.12.0.25",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_efd-2240:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_efd-2241_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.12.0.25",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_efd-2241:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_efd-2250_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.12.0.25",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_efd-2250:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2230_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.12.0.25",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ethc-2230:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2240_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.12.0.25",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ethc-2240:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2239_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.12.0.25",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ethc-2239:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ethc-2249_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.12.0.25",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ethc-2249:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:geutebrueck:g-cam_ewpc-2270_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.12.0.25",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:geutebrueck:g-cam_ewpc-2270:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2019-10956"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-01-24T22:10Z",
      "publishedDate": "2020-01-17T18:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-10956 (GCVE-0-2019-10956)

GHSA-3MJ4-2258-CJ4P

CNVD-2020-22346

VAR-202001-1487

ICSA-19-155-03

FKIE_CVE-2019-10956

GSD-2019-10956

Tags

Sightings

Nomenclature