Critical vulnerability in RabbitMQ affecting Genetec products
November 17, 2022
A critical vulnerability was discovered in the RabbitMQ message broker, a third-party component that some Genetec products use to communicate with one another.
As a consequence, some versions of Mission Control, Sipelia, Industrial IoT plugin, Airport Operational Manager (AOM) plugin, Restricted Security Area (RSA) Surveillance plugin, and Inter-System Gateway (IS Gateway) service are affected and must be patched as soon as possible in order to mitigate any risk of compromise.
Risk assessment
This vulnerability, identified as CVE-2022-37026, originates from a bug in Erlang/OTP and may allow a malicious actor to bypass the authentication process and impersonate other users when the server is configured to use TLS or DTLS authentication.
This vulnerability has a base score of 9.8 (CVSS 3.1).
Affected products
Genetec products | Version | Update with |
Sipelia | 2.10 and earlier | Sipelia 2.12GA |
Mission Control | All | RabbitMQ 3.9.15.1 |
IoT Plugin | All | RabbitMQ 3.9.15.1 |
ISG Plugin | All | RabbitMQ 3.9.15.1 |
RSA Plugin | All | RabbitMQ 3.9.15.1 |
AOM Plugin | All | RabbitMQ 3.9.15.1 |
Please refer to KBA-79137 for more details.
Recommendation
To remediate this vulnerability for Sipelia, Genetec Inc. recommends that their customers update Sipelia to the latest version (Sipelia 2.12GA).
To address this vulnerability for the other impacted products, Genetec Inc. recommends that their customers update their systems with a newer version of RabbitMQ (RabbitMQ 3.9.15.1).
The packages are available on the Genetec Technical Assistance Portal (GTAP).
If you would like more information or need assistance, please log in to the Genetec Technical Assistance Portal (GTAP) to open a ticket.