The NCCIC has published an advisory on cross-site scripting and OS command injection vulnerabilities in Geutebrück G-Cam and G-Code. Numerous products and versions of the products are affected. Successful exploitation of these vulnerabilities could allow remote code execution as root and remote code execution in the browser of the IP camera operator. Geutebrück recommends users upgrade to the latest firmware, Version 1.12.13.2 or later. The NCCIC also recommends a series of mitigating measures. Read the advisory at NCCIC/ICS-CERT.