November 17, 2022
A critical vulnerability was discovered in the RabbitMQ message broker, a third-party component that some Genetec products use to communicate with each other.
As a consequence, some versions of Mission Control, Sipelia, Industrial IoT plugin, Airport Operational Manager (AOM) plugin, Restricted Security Area (RSA) Surveillance plugin, and Inter-System Gateway (IS Gateway) service are affected and must be patched as soon as possible in order to mitigate any risk of compromise.
This vulnerability, identified as CVE-2022-37026, originates from a bug in Erlang/OTP and may allow a malicious actor to bypass the authentication process and impersonate other users when the server is configured to use TLS or DTLS authentication.
This vulnerability has a base score of 9.8 (CVSS 3.1).
| Genetec products | Version | Update with |
|---|---|---|
| Sipelia | 2.10 and earlier | Sipelia 2.12GA |
| Mission Control | All | RabbitMQ 18.104.22.168 |
| IoT Plugin | All | RabbitMQ 22.214.171.124 |
| ISG Plugin | All | RabbitMQ 126.96.36.199 |
| RSA Plugin | All | RabbitMQ 188.8.131.52 |
| AOM Plugin | All | RabbitMQ 184.108.40.206 |
Please refer to KBA-79137 for more details.
To remediate this vulnerability for Sipelia, Genetec Inc. recommends that their customers update Sipelia to the latest version (Sipelia 2.12GA).
To address this vulnerability for the other impacted products, Genetec Inc. recommends that their customers update their systems with a newer version of RabbitMQ (RabbitMQ 220.127.116.11).
The packages are available on the Genetec Technical Assistance Portal (GTAP).
If you would like more information or need assistance, please log in to the Genetec Technical Assistance Portal (GTAP) to open a ticket.