[0day] Anonymous RCE on Geutebruck IP Cameras

Davy Douhine February 15, 2017 0day

Abstract Last summer during a pentest for a client we came across high-end IP cameras made by Geutebruck, a “leading German manufacturer and developer of high-quality, intelligent video security solutions” (source: [http://www.sourcesecurity.com/companies/enhanced-company-listing/geutebruck-gmbh.html] (http://www.sourcesecurity.com/companies/enhanced-company-listing/geutebruck-gmbh.html)) and found a trivial remote command execution vulnerability (0day) affecting version 1.11.0.12 and prior versions. We’ve choose to “responsible disclose” it, directly to Geutebruck and the ICS-CERT (Industrial Control Systems Cyber Emergency Response Team). Probably the best option as the Mirai botnet was actively exploiting IP cams at that time.

[0day] Authentication Bypass on Belden Hirschmann GECKO switches

Davy Douhine February 2, 2017 0day

Abstract Last summer during a pentest for a client we came across industrial switches made by Hirschmann: a Belden Brand, (which) provides the industry with leading Ethernet networking technology and sets the industrial networking standards for quality, reliability and service. (Source: http://www.belden.com/aboutbelden/brands/Hirschmann.cfm ) and found a few unknown vulnerabilities (0day) affecting version 2.0.00 and prior versions. We’ve choose to “responsible disclose” them, directly to Hirschmann and the ICS-CERT (Industrial Control Systems Cyber Emergency Response Team).

Categories

Tags