Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

CVE-2025-43027 (GCVE-0-2025-43027)

Vulnerability from cvelistv5 – Published: 2025-10-30 14:12 – Updated: 2025-10-31 03:55

Summary

A critical severity vulnerability has been identified in the ALPR Manager role of Security Center that could allow attackers to gain administrative access to the Genetec Security Center system. The Genetec engineering team discovered this issue internally. There is currently no evidence that this vulnerability has been exploited in the wild.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-284 - Improper Access Control

Assigner

Genetec

References

URL

Tags

	https://resources.genetec.com/security-advisories…
	https://ressources.genetec.com/avis-de-securite/f…

Impacted products

	Vendor	Product	Version
	Genetec Inc.	Genetec Security Center	Unaffected: >=5.9.5.10 (semver) Affected: <5.9.5.10 (semver) Unaffected: >=5.10.4.29 (semver) Affected: >=5.10.0.0 <5.10.4.29 (semver) Unaffected: >=5.11.3.25 (semver) Affected: >=5.11.0.0 <5.11.3.25 (semver) Unaffected: >=5.12.2.12 (semver) Affected: >=5.12.0.0 <5.12.2.12 (semver) Unaffected: >=5.13.2.3 (semver) Affected: >=5.13.0.0 <5.13.2.3 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-43027",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-30T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-31T03:55:30.389Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Genetec Security Center",
          "vendor": "Genetec Inc.",
          "versions": [
            {
              "status": "unaffected",
              "version": "\u003e=5.9.5.10",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003c5.9.5.10",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.10.4.29",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.10.0.0 \u003c5.10.4.29",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.11.3.25",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.11.0.0 \u003c5.11.3.25",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.12.2.12",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.12.0.0 \u003c5.12.2.12",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.13.2.3",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.13.0.0 \u003c5.13.2.3",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A critical severity vulnerability has been identified in the ALPR Manager role of Security Center that could allow attackers to gain administrative access to the Genetec Security Center system. The Genetec engineering team discovered this issue internally. There is currently no evidence that this vulnerability has been exploited in the wild."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115: Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T14:26:32.672Z",
        "orgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
        "shortName": "Genetec"
      },
      "references": [
        {
          "url": "https://resources.genetec.com/security-advisories/critical-security-vulnerability-affecting-the-alpr-manager-role-of-security-center"
        },
        {
          "url": "https://ressources.genetec.com/avis-de-securite/faille-de-securite-critique-affectant-le-role-gestionnaire-rapi-de-security-center"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Security Center 5.13.2.3, 5.12.2.12, 5.11.3.25, 5.10.4.29, 5.9.5.10 and all later versions. Customers running an affected version of Security Center should apply the latest update as soon as possible. Customers not using AutoVu automatic license plate recognition (ALPR) should deactivate the ALPR Manager role. You can find out how by searching Deactivating and activating roles in the TechDoc Hub."
        }
      ],
      "workarounds": [
        {
          "lang": "en",
          "value": "If the ALPR Manager role must be used and the Security Center instance cannot be updated promptly, the system administrator should reduce exposure to the system. This can be done by restricting network access to trusted sources and enforcing secure connectivity measures, such as VPN or equivalent controls."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
    "assignerShortName": "Genetec",
    "cveId": "CVE-2025-43027",
    "datePublished": "2025-10-30T14:12:27.918Z",
    "dateReserved": "2025-04-16T14:08:47.338Z",
    "dateUpdated": "2025-10-31T03:55:30.389Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-2928 (GCVE-0-2025-2928)

Vulnerability from cvelistv5 – Published: 2025-07-29 17:44 – Updated: 2025-08-05 03:56

Summary

SQL Injection affecting the Archiver role.

Severity ?

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Assigner

Genetec

References

URL

Tags

	https://techdocs.genetec.com/viewer/book-attachme…
	https://techdocs.genetec.com/viewer/book-attachme…
	https://techdocs.genetec.com/r/en-US/Security-Upd…
	https://techdocs.genetec.com/r/en-US/Security-Upd…
	https://techdocs.genetec.com/r/en-US/Security-Upd…

Impacted products

	Vendor	Product	Version
	Genetec Inc.	Genetec Security Center	Affected: >=5.9.0.0 <5.9.5.9 (semver) Unaffected: >=5.9.5.9 (semver) Affected: >=5.10.0.0 <5.10.4.28 (semver) Unaffected: >=5.10.4.28 (semver) Affected: >=5.11.0.0 <5.11.3.19 (semver) Unaffected: >=5.11.3.19 (semver) Affected: >=5.12.0.0 <5.12.2.6 (semver) Unaffected: >=5.12.2.6 (semver) Affected: >=5.13.0.0 <5.13.1.1 (semver) Unaffected: >=5.13.1.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2928",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-04T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-05T03:56:13.455Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Genetec Security Center",
          "vendor": "Genetec Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e=5.9.0.0 \u003c5.9.5.9",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.9.5.9",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.10.0.0 \u003c5.10.4.28",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.10.4.28",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.11.0.0 \u003c5.11.3.19",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.11.3.19",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.12.0.0 \u003c5.12.2.6",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.12.2.6",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.13.0.0 \u003c5.13.1.1",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.13.1.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL Injection affecting the Archiver role."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-66",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-66: SQL Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "cvssV3_1": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-29T17:46:49.036Z",
        "orgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
        "shortName": "Genetec"
      },
      "references": [
        {
          "url": "https://techdocs.genetec.com/viewer/book-attachment/SZjl87Xb1QrEBmA7EPMZ0Q/wXhU660do0oVQGF89qoodA-SZjl87Xb1QrEBmA7EPMZ0Q"
        },
        {
          "url": "https://techdocs.genetec.com/viewer/book-attachment/EG5x3MPOu~J5abi1egkvRA/N2xk_nlluPjBSxRU11ZCVA-EG5x3MPOu~J5abi1egkvRA"
        },
        {
          "url": "https://techdocs.genetec.com/r/en-US/Security-Updates-for-Security-Center-5.11/Resolved-vulnerabilities-in-Security-Center-5.11.3.19"
        },
        {
          "url": "https://techdocs.genetec.com/r/en-US/Security-Updates-for-Security-Center-5.12/Resolved-vulnerabilities-in-Security-Center-5.12.2.6"
        },
        {
          "url": "https://techdocs.genetec.com/r/en-US/Security-Updates-for-Security-Center-5.13/Resolved-vulnerabilities-in-Security-Center-5.13.1.1"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Security Center 5.9.5.9, 5.10.4.28, 5.11.3.19, 5.12.2.6, 5.13.1.1 and all later versions."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
    "assignerShortName": "Genetec",
    "cveId": "CVE-2025-2928",
    "datePublished": "2025-07-29T17:44:23.252Z",
    "dateReserved": "2025-03-28T13:26:05.258Z",
    "dateUpdated": "2025-08-05T03:56:13.455Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7059 (GCVE-0-2024-7059)

Vulnerability from cvelistv5 – Published: 2024-11-05 13:13 – Updated: 2024-11-09 22:45

Summary

A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the Web SDK role was found in the Genetec Security Center product line.

Severity ?

8 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Assigner

Genetec

References

URL

Tags

	https://resources.genetec.com/security-advisories…
	https://ressources.genetec.com/bulletins-de-secur…

Impacted products

	Vendor	Product	Version
	Genetec Inc.	Genetec Security Center	Affected: <5.8.2.1 (semver) Unaffected: >=5.8.2.1 (semver) Affected: >=5.9.0.0 <5.9.5.8 (semver) Unaffected: >=5.9.5.8 (semver) Affected: >=5.10.0.0 <5.10.4.23 (semver) Unaffected: >=5.10.4.23 (semver) Affected: >=5.11.0.0 <5.11.3.13 (semver) Unaffected: >=5.11.3.13 (semver) Affected: >=5.12.0.0 <5.12.1.3 (semver) Unaffected: >=5.12.1.3 <5.12.2.0 (semver) Affected: >=5.12.2.0 <5.12.2.1 (semver) Unaffected: >=5.12.2.1 (semver)

Credits

AlgoSecure, Louis Moubinous

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:genetec:security_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "security_center",
            "vendor": "genetec",
            "versions": [
              {
                "lessThan": "5.8.2.1",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              },
              {
                "lessThan": "5.9.5.8",
                "status": "affected",
                "version": "5.9.0.0",
                "versionType": "semver"
              },
              {
                "lessThan": "5.10.4.23",
                "status": "affected",
                "version": "5.10.0.0",
                "versionType": "semver"
              },
              {
                "lessThan": "5.11.3.13",
                "status": "affected",
                "version": "5.11.0.0",
                "versionType": "semver"
              },
              {
                "lessThan": "5.12.1.3",
                "status": "affected",
                "version": "5.12.0.0",
                "versionType": "semver"
              },
              {
                "lessThan": "5.12.2.1",
                "status": "affected",
                "version": "5.12.2.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7059",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-05T15:06:17.075211Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-05T15:11:38.336Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Genetec Security Center",
          "vendor": "Genetec Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c5.8.2.1",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.8.2.1",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.9.0.0 \u003c5.9.5.8",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.9.5.8",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.10.0.0 \u003c5.10.4.23",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.10.4.23",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.11.0.0 \u003c5.11.3.13",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.11.3.13",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.12.0.0 \u003c5.12.1.3",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.12.1.3 \u003c5.12.2.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.12.2.0 \u003c5.12.2.1",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.12.2.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "AlgoSecure, Louis Moubinous"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the Web SDK role was found in the Genetec Security Center product line."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-138",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-138: Reflection Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "cvssV3_1": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "cvssV4_0": {
            "baseScore": 8.9,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-470",
              "description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-09T22:45:41.270Z",
        "orgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
        "shortName": "Genetec"
      },
      "references": [
        {
          "url": "https://resources.genetec.com/security-advisories/high-severity-vulnerability-affecting-security-center-web-sdk-role"
        },
        {
          "url": "https://ressources.genetec.com/bulletins-de-securite/vulnerabilite-de-haute-severite-affectant-le-role-sdk-web-de-security-center"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Security Center 5.8.2.1, 5.9.5.8, 5.10.4.23, 5.11.3.13, 5.12.1.3, 5.12.2.1 and all later versions."
        }
      ],
      "workarounds": [
        {
          "lang": "en",
          "value": "If the Security Center instance cannot be updated in a timely fashion, the system administrator should deactivate the Web-based SDK role."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
    "assignerShortName": "Genetec",
    "cveId": "CVE-2024-7059",
    "datePublished": "2024-11-05T13:13:29.839Z",
    "dateReserved": "2024-07-23T20:53:20.464Z",
    "dateUpdated": "2024-11-09T22:45:41.270Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-1522 (GCVE-0-2023-1522)

Vulnerability from cvelistv5 – Published: 2023-04-05 18:51 – Updated: 2025-02-12 15:45

Summary

SQL Injection in the Hardware Inventory report of Security Center 5.11.2.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-89 SQL Injection

Assigner

Genetec

References

URL

Tags

https://www.genetec.com/blog/data-protection/high…

Impacted products

	Vendor	Product	Version
	Genetec Inc.	Genetec Security Center	Affected: 5.11.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:49:11.692Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.genetec.com/blog/data-protection/high-severity-vulnerability-affecting-the-hardware-inventory-report-task-of-security-center"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-1522",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-12T15:41:57.240276Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T15:45:26.199Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Genetec Security Center",
          "vendor": "Genetec Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "5.11.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL Injection in the Hardware Inventory report of Security Center 5.11.2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-89 SQL Injection",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-05T18:51:02.590Z",
        "orgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
        "shortName": "Genetec"
      },
      "references": [
        {
          "url": "https://www.genetec.com/blog/data-protection/high-severity-vulnerability-affecting-the-hardware-inventory-report-task-of-security-center"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
    "assignerShortName": "Genetec",
    "cveId": "CVE-2023-1522",
    "datePublished": "2023-04-05T18:51:02.590Z",
    "dateReserved": "2023-03-20T16:24:06.438Z",
    "dateUpdated": "2025-02-12T15:45:26.199Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-43027 (GCVE-0-2025-43027)

Vulnerability from nvd – Published: 2025-10-30 14:12 – Updated: 2025-10-31 03:55

Summary

A critical severity vulnerability has been identified in the ALPR Manager role of Security Center that could allow attackers to gain administrative access to the Genetec Security Center system. The Genetec engineering team discovered this issue internally. There is currently no evidence that this vulnerability has been exploited in the wild.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-284 - Improper Access Control

Assigner

Genetec

References

URL

Tags

	https://resources.genetec.com/security-advisories…
	https://ressources.genetec.com/avis-de-securite/f…

Impacted products

	Vendor	Product	Version
	Genetec Inc.	Genetec Security Center	Unaffected: >=5.9.5.10 (semver) Affected: <5.9.5.10 (semver) Unaffected: >=5.10.4.29 (semver) Affected: >=5.10.0.0 <5.10.4.29 (semver) Unaffected: >=5.11.3.25 (semver) Affected: >=5.11.0.0 <5.11.3.25 (semver) Unaffected: >=5.12.2.12 (semver) Affected: >=5.12.0.0 <5.12.2.12 (semver) Unaffected: >=5.13.2.3 (semver) Affected: >=5.13.0.0 <5.13.2.3 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-43027",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-30T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-31T03:55:30.389Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Genetec Security Center",
          "vendor": "Genetec Inc.",
          "versions": [
            {
              "status": "unaffected",
              "version": "\u003e=5.9.5.10",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003c5.9.5.10",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.10.4.29",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.10.0.0 \u003c5.10.4.29",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.11.3.25",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.11.0.0 \u003c5.11.3.25",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.12.2.12",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.12.0.0 \u003c5.12.2.12",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.13.2.3",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.13.0.0 \u003c5.13.2.3",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A critical severity vulnerability has been identified in the ALPR Manager role of Security Center that could allow attackers to gain administrative access to the Genetec Security Center system. The Genetec engineering team discovered this issue internally. There is currently no evidence that this vulnerability has been exploited in the wild."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115: Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T14:26:32.672Z",
        "orgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
        "shortName": "Genetec"
      },
      "references": [
        {
          "url": "https://resources.genetec.com/security-advisories/critical-security-vulnerability-affecting-the-alpr-manager-role-of-security-center"
        },
        {
          "url": "https://ressources.genetec.com/avis-de-securite/faille-de-securite-critique-affectant-le-role-gestionnaire-rapi-de-security-center"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Security Center 5.13.2.3, 5.12.2.12, 5.11.3.25, 5.10.4.29, 5.9.5.10 and all later versions. Customers running an affected version of Security Center should apply the latest update as soon as possible. Customers not using AutoVu automatic license plate recognition (ALPR) should deactivate the ALPR Manager role. You can find out how by searching Deactivating and activating roles in the TechDoc Hub."
        }
      ],
      "workarounds": [
        {
          "lang": "en",
          "value": "If the ALPR Manager role must be used and the Security Center instance cannot be updated promptly, the system administrator should reduce exposure to the system. This can be done by restricting network access to trusted sources and enforcing secure connectivity measures, such as VPN or equivalent controls."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
    "assignerShortName": "Genetec",
    "cveId": "CVE-2025-43027",
    "datePublished": "2025-10-30T14:12:27.918Z",
    "dateReserved": "2025-04-16T14:08:47.338Z",
    "dateUpdated": "2025-10-31T03:55:30.389Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-2928 (GCVE-0-2025-2928)

Vulnerability from nvd – Published: 2025-07-29 17:44 – Updated: 2025-08-05 03:56

Summary

SQL Injection affecting the Archiver role.

Severity ?

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Assigner

Genetec

References

URL

Tags

	https://techdocs.genetec.com/viewer/book-attachme…
	https://techdocs.genetec.com/viewer/book-attachme…
	https://techdocs.genetec.com/r/en-US/Security-Upd…
	https://techdocs.genetec.com/r/en-US/Security-Upd…
	https://techdocs.genetec.com/r/en-US/Security-Upd…

Impacted products

	Vendor	Product	Version
	Genetec Inc.	Genetec Security Center	Affected: >=5.9.0.0 <5.9.5.9 (semver) Unaffected: >=5.9.5.9 (semver) Affected: >=5.10.0.0 <5.10.4.28 (semver) Unaffected: >=5.10.4.28 (semver) Affected: >=5.11.0.0 <5.11.3.19 (semver) Unaffected: >=5.11.3.19 (semver) Affected: >=5.12.0.0 <5.12.2.6 (semver) Unaffected: >=5.12.2.6 (semver) Affected: >=5.13.0.0 <5.13.1.1 (semver) Unaffected: >=5.13.1.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2928",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-04T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-05T03:56:13.455Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Genetec Security Center",
          "vendor": "Genetec Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e=5.9.0.0 \u003c5.9.5.9",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.9.5.9",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.10.0.0 \u003c5.10.4.28",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.10.4.28",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.11.0.0 \u003c5.11.3.19",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.11.3.19",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.12.0.0 \u003c5.12.2.6",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.12.2.6",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.13.0.0 \u003c5.13.1.1",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.13.1.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL Injection affecting the Archiver role."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-66",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-66: SQL Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "cvssV3_1": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-29T17:46:49.036Z",
        "orgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
        "shortName": "Genetec"
      },
      "references": [
        {
          "url": "https://techdocs.genetec.com/viewer/book-attachment/SZjl87Xb1QrEBmA7EPMZ0Q/wXhU660do0oVQGF89qoodA-SZjl87Xb1QrEBmA7EPMZ0Q"
        },
        {
          "url": "https://techdocs.genetec.com/viewer/book-attachment/EG5x3MPOu~J5abi1egkvRA/N2xk_nlluPjBSxRU11ZCVA-EG5x3MPOu~J5abi1egkvRA"
        },
        {
          "url": "https://techdocs.genetec.com/r/en-US/Security-Updates-for-Security-Center-5.11/Resolved-vulnerabilities-in-Security-Center-5.11.3.19"
        },
        {
          "url": "https://techdocs.genetec.com/r/en-US/Security-Updates-for-Security-Center-5.12/Resolved-vulnerabilities-in-Security-Center-5.12.2.6"
        },
        {
          "url": "https://techdocs.genetec.com/r/en-US/Security-Updates-for-Security-Center-5.13/Resolved-vulnerabilities-in-Security-Center-5.13.1.1"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Security Center 5.9.5.9, 5.10.4.28, 5.11.3.19, 5.12.2.6, 5.13.1.1 and all later versions."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
    "assignerShortName": "Genetec",
    "cveId": "CVE-2025-2928",
    "datePublished": "2025-07-29T17:44:23.252Z",
    "dateReserved": "2025-03-28T13:26:05.258Z",
    "dateUpdated": "2025-08-05T03:56:13.455Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7059 (GCVE-0-2024-7059)

Vulnerability from nvd – Published: 2024-11-05 13:13 – Updated: 2024-11-09 22:45

Summary

A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the Web SDK role was found in the Genetec Security Center product line.

Severity ?

8 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Assigner

Genetec

References

URL

Tags

	https://resources.genetec.com/security-advisories…
	https://ressources.genetec.com/bulletins-de-secur…

Impacted products

	Vendor	Product	Version
	Genetec Inc.	Genetec Security Center	Affected: <5.8.2.1 (semver) Unaffected: >=5.8.2.1 (semver) Affected: >=5.9.0.0 <5.9.5.8 (semver) Unaffected: >=5.9.5.8 (semver) Affected: >=5.10.0.0 <5.10.4.23 (semver) Unaffected: >=5.10.4.23 (semver) Affected: >=5.11.0.0 <5.11.3.13 (semver) Unaffected: >=5.11.3.13 (semver) Affected: >=5.12.0.0 <5.12.1.3 (semver) Unaffected: >=5.12.1.3 <5.12.2.0 (semver) Affected: >=5.12.2.0 <5.12.2.1 (semver) Unaffected: >=5.12.2.1 (semver)

Credits

AlgoSecure, Louis Moubinous

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:genetec:security_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "security_center",
            "vendor": "genetec",
            "versions": [
              {
                "lessThan": "5.8.2.1",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              },
              {
                "lessThan": "5.9.5.8",
                "status": "affected",
                "version": "5.9.0.0",
                "versionType": "semver"
              },
              {
                "lessThan": "5.10.4.23",
                "status": "affected",
                "version": "5.10.0.0",
                "versionType": "semver"
              },
              {
                "lessThan": "5.11.3.13",
                "status": "affected",
                "version": "5.11.0.0",
                "versionType": "semver"
              },
              {
                "lessThan": "5.12.1.3",
                "status": "affected",
                "version": "5.12.0.0",
                "versionType": "semver"
              },
              {
                "lessThan": "5.12.2.1",
                "status": "affected",
                "version": "5.12.2.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7059",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-05T15:06:17.075211Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-05T15:11:38.336Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Genetec Security Center",
          "vendor": "Genetec Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c5.8.2.1",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.8.2.1",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.9.0.0 \u003c5.9.5.8",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.9.5.8",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.10.0.0 \u003c5.10.4.23",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.10.4.23",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.11.0.0 \u003c5.11.3.13",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.11.3.13",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.12.0.0 \u003c5.12.1.3",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.12.1.3 \u003c5.12.2.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003e=5.12.2.0 \u003c5.12.2.1",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "\u003e=5.12.2.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "AlgoSecure, Louis Moubinous"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the Web SDK role was found in the Genetec Security Center product line."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-138",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-138: Reflection Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "cvssV3_1": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "cvssV4_0": {
            "baseScore": 8.9,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-470",
              "description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-09T22:45:41.270Z",
        "orgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
        "shortName": "Genetec"
      },
      "references": [
        {
          "url": "https://resources.genetec.com/security-advisories/high-severity-vulnerability-affecting-security-center-web-sdk-role"
        },
        {
          "url": "https://ressources.genetec.com/bulletins-de-securite/vulnerabilite-de-haute-severite-affectant-le-role-sdk-web-de-security-center"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in Security Center 5.8.2.1, 5.9.5.8, 5.10.4.23, 5.11.3.13, 5.12.1.3, 5.12.2.1 and all later versions."
        }
      ],
      "workarounds": [
        {
          "lang": "en",
          "value": "If the Security Center instance cannot be updated in a timely fashion, the system administrator should deactivate the Web-based SDK role."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
    "assignerShortName": "Genetec",
    "cveId": "CVE-2024-7059",
    "datePublished": "2024-11-05T13:13:29.839Z",
    "dateReserved": "2024-07-23T20:53:20.464Z",
    "dateUpdated": "2024-11-09T22:45:41.270Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-1522 (GCVE-0-2023-1522)

Vulnerability from nvd – Published: 2023-04-05 18:51 – Updated: 2025-02-12 15:45

Summary

SQL Injection in the Hardware Inventory report of Security Center 5.11.2.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-89 SQL Injection

Assigner

Genetec

References

URL

Tags

https://www.genetec.com/blog/data-protection/high…

Impacted products

	Vendor	Product	Version
	Genetec Inc.	Genetec Security Center	Affected: 5.11.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:49:11.692Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.genetec.com/blog/data-protection/high-severity-vulnerability-affecting-the-hardware-inventory-report-task-of-security-center"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-1522",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-12T15:41:57.240276Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T15:45:26.199Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Genetec Security Center",
          "vendor": "Genetec Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "5.11.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL Injection in the Hardware Inventory report of Security Center 5.11.2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-89 SQL Injection",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-05T18:51:02.590Z",
        "orgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
        "shortName": "Genetec"
      },
      "references": [
        {
          "url": "https://www.genetec.com/blog/data-protection/high-severity-vulnerability-affecting-the-hardware-inventory-report-task-of-security-center"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
    "assignerShortName": "Genetec",
    "cveId": "CVE-2023-1522",
    "datePublished": "2023-04-05T18:51:02.590Z",
    "dateReserved": "2023-03-20T16:24:06.438Z",
    "dateUpdated": "2025-02-12T15:45:26.199Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

8 vulnerabilities found for Genetec Security Center by Genetec Inc.

CVE-2025-43027 (GCVE-0-2025-43027)

CVE-2025-2928 (GCVE-0-2025-2928)

CVE-2024-7059 (GCVE-0-2024-7059)

CVE-2023-1522 (GCVE-0-2023-1522)

CVE-2025-43027 (GCVE-0-2025-43027)

CVE-2025-2928 (GCVE-0-2025-2928)

CVE-2024-7059 (GCVE-0-2024-7059)

CVE-2023-1522 (GCVE-0-2023-1522)