HC3 TLP White Alert: Geutebrück G-Cam E2 Series Camera Vulnerabilities - July 28, 2021

Executive Summary

Twelve vulnerabilities, with an overall CVSS score of 9.8, have been discovered in firmware provided by UDP Technology to security camera manufacturer Geutebrück, affecting four camera, and two encoder lines.

The security advisory and latest firmware, which Geutebrück strongly recommends updating to, are located on Geutebrück’s web portal (login required). Additional mitigations are listed in the CISA report, located below, if updates cannot be implemented.

Report

CISA - ICS Advisory (ICSA-21-208-03) Geutebrück G-Cam E2 and G-Code
https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03

Impact to HPH Sector

The Healthcare and Public Health Sector is one of the critical infrastructure sectors in which Geutebrück cameras are used. Any of these vulnerabilities, successfully exploited, could lead to either access to sensitive information or allow for remote code execution.

References

GEUTEBRÜCK - PartnerPortal Login
https://portal.geutebrueck.com/

CISA – Industrial Control System Recommended Practices
https://us-cert.cisa.gov/ics/Recommended-Practices

Contact Information

If you have any additional questions, please contact us at HC3@hhs.gov.