Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5).
References
| Link | Resource |
|---|---|
| http://packetstormsecurity.com/files/158888/Geutebruck-testaction.cgi-Remote-Command-Execution.html | Exploit Third Party Advisory |
| https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
| AND |
|
History
No history.
Information
Published : 2020-08-14 14:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-16205
Mitre link : CVE-2020-16205
CVE.ORG link : CVE-2020-16205
JSON object : View
Products Affected
geutebrueck
- g-cam_ethc-2240_firmware
- g-cam_ewpc-2270
- g-cam_ethc-2230_firmware
- g-cam_efd-2240_firmware
- g-cam_ethc-2239
- g-cam_ethc-2240
- g-cam_ebc-2111_firmware
- g-cam_ethc-2230
- g-cam_ebc-2111
- g-cam_efd-2241_firmware
- g-cam_ebc-2110
- g-code_eec-2400_firmware
- g-cam_efd-2241
- g-cam_ethc-2249
- g-cam_efd-2240
- g-cam_ethc-2249_firmware
- g-cam_ebc-2110_firmware
- g-cam_efd-2250_firmware
- g-cam_ewpc-2270_firmware
- g-code_eec-2400
- g-cam_efd-2250
- g-cam_ethc-2239_firmware
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')