November 17, 2022
A critical vulnerability was discovered in the RabbitMQ message broker, a third-party component used by some Genetec products to communicate together.
As a consequence, some versions of Mission Control, Sipelia, Industrial IoT plugin, Airport Operational Manager (AOM) plugin, Restricted Security Area (RSA) Surveillance plugin, and Inter-System Gateway (IS Gateway) service are affected and must be patched as soon as possible in order to mitigate any risk of compromise.
This vulnerability, identified as CVE-2022-37026, originates from a bug in Erlang OTP and may allow a malicious actor to bypass the authentication process and impersonate other users when the server is configured to use TLS or DTLS authentication.
This vulnerability has a base score of 9.8 (CVSS 3.1)
|Genetec products||Version||Update with|
|Sipelia||2.10 and earlier||Sipelia 2.12GA|
|Mission Control||All||RabbitMQ 22.214.171.124|
|IoT Plugin||All||RabbitMQ 126.96.36.199|
|ISG Plugin||All||RabbitMQ 188.8.131.52|
|RSA Plugin||All||RabbitMQ 184.108.40.206|
|AOM Plugin||All||RabbitMQ 220.127.116.11|
Please refer to KBA-79137 for more details.
To remediate this vulnerability for Sipelia, Genetec Inc. recommends that their customers update Sipelia to the latest version (Sipelia 2.12GA).
To address this vulnerability for the other impacted products, Genetec Inc. recommends that their customers update their systems with a newer version of RabbitMQ (RabbitMQ 18.104.22.168).
The packages are available on the Genetec Technical Assistance Portal (GTAP).
If you would like more information or need assistance, please log in to the Genetec Technical Assistance Portal (GTAP) to open a ticket.