Search
Find a vulnerability
Search criteria
6 vulnerabilities by genetec
CVE-2025-1789 (GCVE-0-2025-1789)
Vulnerability from nvd – Published: 2026-02-24 18:47 – Updated: 2026-02-26 14:44
VLAI
Summary
Local privilege escalation in Genetec Update Service. An authenticated, low-privileged, Windows user could exploit this vulnerability to gain elevated privileges on the affected system.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Genetec Inc. | Genetec Update Service |
Affected:
<2.10.600
(semver)
Unaffected: >=2.10.600 (semver) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1789",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T04:56:04.010019Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:07.658Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Genetec Update Service",
"vendor": "Genetec Inc.",
"versions": [
{
"status": "affected",
"version": "\u003c2.10.600",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "\u003e=2.10.600",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rutger Flohil"
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation in Genetec Update Service. An authenticated, low-privileged, Windows user could exploit this vulnerability to gain elevated privileges on the affected system."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233: Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:H/IR:H/AR:H/MVC:H/MVI:H/MVA:H/MSI:H/MSA:H/S:P/AU:N/V:C",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T18:47:24.913Z",
"orgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
"shortName": "Genetec"
},
"references": [
{
"url": "https://techdocs.genetec.com/r/en-US/Security-Updates-for-GenetecTM-Update-Service-2.10/Resolved-vulnerabilities-in-Genetec-Update-Service-2.10"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in Genetec Update Service 2.10.600 and all later versions. Internet connected Genetec Update Service will automatically update themselves."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
"assignerShortName": "Genetec",
"cveId": "CVE-2025-1789",
"datePublished": "2026-02-24T18:47:24.913Z",
"dateReserved": "2025-02-28T17:07:08.574Z",
"dateUpdated": "2026-02-26T14:44:07.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1787 (GCVE-0-2025-1787)
Vulnerability from nvd – Published: 2026-02-24 18:44 – Updated: 2026-02-26 14:44
VLAI
Summary
Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. Could be combined with CVE-2025-1789 to achieve low privilege escalation.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Genetec Inc. | Genetec Update Service |
Affected:
<2.10.600
(semver)
Unaffected: >=2.10.600 (semver) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1787",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T04:56:05.875817Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:07.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Genetec Update Service",
"vendor": "Genetec Inc.",
"versions": [
{
"status": "affected",
"version": "\u003c2.10.600",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "\u003e=2.10.600",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rutger Flohil"
}
],
"descriptions": [
{
"lang": "en",
"value": "Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. Could be combined with CVE-2025-1789 to achieve low privilege escalation."
}
],
"impacts": [
{
"capecId": "CAPEC-200",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-200: Removal of filters: Input filters, output filters, data masking"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:H/IR:H/AR:H/MVC:H/MVI:H/MVA:H/MSI:H/MSA:H/S:P/AU:N/V:C",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346: Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T18:44:36.705Z",
"orgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
"shortName": "Genetec"
},
"references": [
{
"url": "https://techdocs.genetec.com/r/en-US/Security-Updates-for-GenetecTM-Update-Service-2.10/Resolved-vulnerabilities-in-Genetec-Update-Service-2.10"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in Genetec Update Service 2.10.600 and all later versions. Internet connected Genetec Update Service will automatically update themselves."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
"assignerShortName": "Genetec",
"cveId": "CVE-2025-1787",
"datePublished": "2026-02-24T18:44:36.705Z",
"dateReserved": "2025-02-28T17:05:57.628Z",
"dateUpdated": "2026-02-26T14:44:07.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-1522 (GCVE-0-2023-1522)
Vulnerability from nvd – Published: 2023-04-05 18:51 – Updated: 2025-02-12 15:45
VLAI
Summary
SQL Injection in the Hardware Inventory report of Security Center 5.11.2.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Genetec Inc. | Genetec Security Center |
Affected:
5.11.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.genetec.com/blog/data-protection/high-severity-vulnerability-affecting-the-hardware-inventory-report-task-of-security-center"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-1522",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T15:41:57.240276Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:45:26.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Genetec Security Center",
"vendor": "Genetec Inc.",
"versions": [
{
"status": "affected",
"version": "5.11.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection in the Hardware Inventory report of Security Center 5.11.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-89 SQL Injection",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-05T18:51:02.590Z",
"orgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
"shortName": "Genetec"
},
"references": [
{
"url": "https://www.genetec.com/blog/data-protection/high-severity-vulnerability-affecting-the-hardware-inventory-report-task-of-security-center"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
"assignerShortName": "Genetec",
"cveId": "CVE-2023-1522",
"datePublished": "2023-04-05T18:51:02.590Z",
"dateReserved": "2023-03-20T16:24:06.438Z",
"dateUpdated": "2025-02-12T15:45:26.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1789 (GCVE-0-2025-1789)
Vulnerability from cvelistv5 – Published: 2026-02-24 18:47 – Updated: 2026-02-26 14:44
VLAI
Summary
Local privilege escalation in Genetec Update Service. An authenticated, low-privileged, Windows user could exploit this vulnerability to gain elevated privileges on the affected system.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Genetec Inc. | Genetec Update Service |
Affected:
<2.10.600
(semver)
Unaffected: >=2.10.600 (semver) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1789",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T04:56:04.010019Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:07.658Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Genetec Update Service",
"vendor": "Genetec Inc.",
"versions": [
{
"status": "affected",
"version": "\u003c2.10.600",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "\u003e=2.10.600",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rutger Flohil"
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation in Genetec Update Service. An authenticated, low-privileged, Windows user could exploit this vulnerability to gain elevated privileges on the affected system."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233: Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:H/IR:H/AR:H/MVC:H/MVI:H/MVA:H/MSI:H/MSA:H/S:P/AU:N/V:C",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T18:47:24.913Z",
"orgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
"shortName": "Genetec"
},
"references": [
{
"url": "https://techdocs.genetec.com/r/en-US/Security-Updates-for-GenetecTM-Update-Service-2.10/Resolved-vulnerabilities-in-Genetec-Update-Service-2.10"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in Genetec Update Service 2.10.600 and all later versions. Internet connected Genetec Update Service will automatically update themselves."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
"assignerShortName": "Genetec",
"cveId": "CVE-2025-1789",
"datePublished": "2026-02-24T18:47:24.913Z",
"dateReserved": "2025-02-28T17:07:08.574Z",
"dateUpdated": "2026-02-26T14:44:07.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1787 (GCVE-0-2025-1787)
Vulnerability from cvelistv5 – Published: 2026-02-24 18:44 – Updated: 2026-02-26 14:44
VLAI
Summary
Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. Could be combined with CVE-2025-1789 to achieve low privilege escalation.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Genetec Inc. | Genetec Update Service |
Affected:
<2.10.600
(semver)
Unaffected: >=2.10.600 (semver) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1787",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T04:56:05.875817Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:07.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Genetec Update Service",
"vendor": "Genetec Inc.",
"versions": [
{
"status": "affected",
"version": "\u003c2.10.600",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "\u003e=2.10.600",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rutger Flohil"
}
],
"descriptions": [
{
"lang": "en",
"value": "Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. Could be combined with CVE-2025-1789 to achieve low privilege escalation."
}
],
"impacts": [
{
"capecId": "CAPEC-200",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-200: Removal of filters: Input filters, output filters, data masking"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:H/IR:H/AR:H/MVC:H/MVI:H/MVA:H/MSI:H/MSA:H/S:P/AU:N/V:C",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346: Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T18:44:36.705Z",
"orgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
"shortName": "Genetec"
},
"references": [
{
"url": "https://techdocs.genetec.com/r/en-US/Security-Updates-for-GenetecTM-Update-Service-2.10/Resolved-vulnerabilities-in-Genetec-Update-Service-2.10"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in Genetec Update Service 2.10.600 and all later versions. Internet connected Genetec Update Service will automatically update themselves."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
"assignerShortName": "Genetec",
"cveId": "CVE-2025-1787",
"datePublished": "2026-02-24T18:44:36.705Z",
"dateReserved": "2025-02-28T17:05:57.628Z",
"dateUpdated": "2026-02-26T14:44:07.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-1522 (GCVE-0-2023-1522)
Vulnerability from cvelistv5 – Published: 2023-04-05 18:51 – Updated: 2025-02-12 15:45
VLAI
Summary
SQL Injection in the Hardware Inventory report of Security Center 5.11.2.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Genetec Inc. | Genetec Security Center |
Affected:
5.11.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.genetec.com/blog/data-protection/high-severity-vulnerability-affecting-the-hardware-inventory-report-task-of-security-center"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-1522",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T15:41:57.240276Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:45:26.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Genetec Security Center",
"vendor": "Genetec Inc.",
"versions": [
{
"status": "affected",
"version": "5.11.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection in the Hardware Inventory report of Security Center 5.11.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-89 SQL Injection",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-05T18:51:02.590Z",
"orgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
"shortName": "Genetec"
},
"references": [
{
"url": "https://www.genetec.com/blog/data-protection/high-severity-vulnerability-affecting-the-hardware-inventory-report-task-of-security-center"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f2b06212-cb4b-41a4-9501-fa2e367495b8",
"assignerShortName": "Genetec",
"cveId": "CVE-2023-1522",
"datePublished": "2023-04-05T18:51:02.590Z",
"dateReserved": "2023-03-20T16:24:06.438Z",
"dateUpdated": "2025-02-12T15:45:26.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}