Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Genetec Inc.

#f2b06212-cb4b-41a4-9501-fa2e367495b8
PolicyEmail

Short Name

Genetec

Program Role

CNA

Top Level Root

MITRE Corporation

Security Advisories

View Advisories

Domain

genetec.com

Country

Canada

Scope

Genetec products and solutions only.
Reported CVEsVendorsProductsReports
10Vulnerabilities found
CVE-2026-40619
Assigner-Genetec Inc.
ShareView Details
Assigner-Genetec Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.89%
||
7 Day CHG~0.00%
Published-02 Jun, 2026 | 14:37
Updated-03 Jun, 2026 | 03:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admin credentials. A third party hired by Genetec found the issue. There is currently no evidence of active exploitation. This vulnerability is associated with specific installation package builds rather than the product version identifier alone. Certain versions (including 5.10.4.0, 5.11.3.0, 5.12.2.0 and 5.13.3.0) were released with both vulnerable and remediated installation packages under the same version number. Consequently, version-based comparison alone is insufficient to determine exposure. Only installations performed using vulnerable builds are affected. Remediated builds can be distinguished using verified installation package hashes. For the complete list of fixed build hashes, refer to the security advisory section.

Action-Not Available
Vendor-Genetec Inc.
Product-Genetec Security Center
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2026-25112
Assigner-Genetec Inc.
ShareView Details
Assigner-Genetec Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.82%
||
7 Day CHG-0.00%
Published-26 May, 2026 | 14:52
Updated-09 Jun, 2026 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A high-severity vulnerability in the deployment of Genetec RabbitMQ that allows a privilege escalation attack.

Action-Not Available
Vendor-Genetec Inc.
Product-Genetec Airport Operational ManagerGenetec Industrial IoTGenetec Mission ControlGenetec Restricted Security AreaGenetec RabbitMQGenetec Inter-System GatewayGenetec Sipelia
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2026-27768
Assigner-Genetec Inc.
ShareView Details
Assigner-Genetec Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.03% / 10.65%
||
7 Day CHG~0.00%
Published-25 May, 2026 | 15:39
Updated-27 May, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection affecting the Access Manager role.

Action-Not Available
Vendor-Genetec Inc.
Product-Genetec Security Center
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-1789
Assigner-Genetec Inc.
ShareView Details
Assigner-Genetec Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.02% / 4.14%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 18:47
Updated-26 Apr, 2026 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation in Genetec Update Service. An authenticated, low-privileged, Windows user could exploit this vulnerability to gain elevated privileges on the affected system.

Action-Not Available
Vendor-genetecGenetec Inc.
Product-genetec_update_serviceGenetec Update Service
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-1787
Assigner-Genetec Inc.
ShareView Details
Assigner-Genetec Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.01% / 1.34%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 18:44
Updated-26 Apr, 2026 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. Could be combined with CVE-2025-1789 to achieve low privilege escalation.

Action-Not Available
Vendor-genetecGenetec Inc.
Product-genetec_update_serviceGenetec Update Service
CWE ID-CWE-346
Origin Validation Error
CVE-2025-1790
Assigner-Genetec Inc.
ShareView Details
Assigner-Genetec Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.02% / 6.11%
||
7 Day CHG~0.00%
Published-13 Feb, 2026 | 16:45
Updated-26 Apr, 2026 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation in Genetec Sipelia Plugin. An authenticated low-privileged Windows user could exploit this vulnerability to gain elevated privileges on the affected system.

Action-Not Available
Vendor-Genetec Inc.
Product-Genetec Sipelia
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2025-43027
Assigner-Genetec Inc.
ShareView Details
Assigner-Genetec Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.06% / 20.00%
||
7 Day CHG-0.00%
Published-30 Oct, 2025 | 14:12
Updated-26 Feb, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A critical severity vulnerability has been identified in the ALPR Manager role of Security Center that could allow attackers to gain administrative access to the Genetec Security Center system. The Genetec engineering team discovered this issue internally. There is currently no evidence that this vulnerability has been exploited in the wild.

Action-Not Available
Vendor-Genetec Inc.
Product-Genetec Security Center
CWE ID-CWE-284
Improper Access Control
CVE-2025-2928
Assigner-Genetec Inc.
ShareView Details
Assigner-Genetec Inc.
CVSS Score-7.2||HIGH
EPSS-0.21% / 43.72%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 17:44
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection affecting the Archiver role.

Action-Not Available
Vendor-Genetec Inc.
Product-Genetec Security Center
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7059
Assigner-Genetec Inc.
ShareView Details
Assigner-Genetec Inc.
CVSS Score-8.9||HIGH
EPSS-0.36% / 58.23%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 13:13
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the Web SDK role was found in the Genetec Security Center product line.

Action-Not Available
Vendor-Genetec Inc.genetec
Product-Genetec Security Centersecurity_center
CWE ID-CWE-470
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CVE-2023-1522
Assigner-Genetec Inc.
ShareView Details
Assigner-Genetec Inc.
CVSS Score-8.8||HIGH
EPSS-0.72% / 72.93%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 18:51
Updated-12 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection in the Hardware Inventory report of Security Center 5.11.2.

Action-Not Available
Vendor-genetecGenetec Inc.
Product-security_centerGenetec Security Center
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')