Description
A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admin credentials. A third party hired by Genetec found the issue. There is currently no evidence of active exploitation.

This vulnerability is associated with specific installation package builds rather than the product version identifier alone. Certain versions (including 5.10.4.0, 5.11.3.0, 5.12.2.0 and 5.13.3.0) were released with both vulnerable and remediated installation packages under the same version number.

Consequently, version-based comparison alone is insufficient to determine exposure. Only installations performed using vulnerable builds are affected. Remediated builds can be distinguished using verified installation package hashes. For the complete list of fixed build hashes, refer to the security advisory section.
Published: 2026-06-02
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A high‑severity flaw in Genetec Security Center main server installations permits an attacker who already has local OS privileges to retrieve Server Admin credentials. The weakness is tied to specific installation package builds rather than the product version number alone, and it effectively exposes privileged credentials that can be used to compromise the entire system. The vulnerability is classified as CWE‑532, indicating an issue with improper handling of sensitive information in the installation payload.

Affected Systems

Genetec Security Center main server installations, specifically versions 5.10.4.0, 5.11.3.0, 5.12.2.0, and 5.13.3.0. These releases contained both vulnerable and remediated installation packages under the same version identifier, so a purely version‑based check is insufficient to determine exposure.

Risk and Exploitability

The CVSS score of 7.8 indicates a moderate‑to‑high exploitation potential. The EPSS is not available, and the vulnerability is not listed in the CISA KEV catalog, with no evidence of active exploitation. Because the attack requires local OS privileges, the threat is confined to environments where an attacker can gain such access, but once achieved, the attacker can obtain powerful credentials, potentially leading to full system compromise.

Generated by OpenCVE AI on June 2, 2026 at 16:52 UTC.

Remediation

Vendor Solution

Updated installation packages have been released for affected versions of Security Center. Installations performed using remediated builds are not vulnerable. For versions that were distributed with both vulnerable and fixed installation packages under the same version number, the following hashes correspond to confirmed remediated builds: - Version 5.10.4.0 (4111.0): SHA1: A2133AB76ECA6988F23FCB83FFF95949E0738C07 - Version 5.11.3.0 (3130.13): SHA1: 9427F5AF127E00DF41CF44AC233976DF56604FFD - Version 5.12.2.0 (2181.44): SHA256: B9284E55EC54EBBC36265EA5DE1272B7752B2A29DDC44804D5459DFC21C16609 - Version 5.13.3.0 (3132.18): SHA256: 5E3B3C9D5A8C633489EFFF71D7883D4E2D89C28009CA2A1D0294FB3B19A79450 Customers should verify the integrity of their installation packages against these values to determine whether a fixed build is in use. If the package hash does not match a known remediated value, it should be considered vulnerable.

OpenCVE Recommended Actions

  • Verify the SHA‑1 or SHA‑256 hash of the installation package you used against the values listed in Genetec’s advisory to determine if the build is remediated.
  • If the hash does not match a known remediated value, download the fixed installer for the corresponding version from Genetec and redeploy the server using that build.
  • For future deployments, restrict installation packages to those with hashes that match the known remediated values and avoid using any packages whose hash fails verification.

Generated by OpenCVE AI on June 2, 2026 at 16:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Title Local OS Privileges Enable Extraction of Server Admin Credentials from Vulnerable Installation Packages

Tue, 02 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 02 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Description A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admin credentials. A third party hired by Genetec found the issue. There is currently no evidence of active exploitation. This vulnerability is associated with specific installation package builds rather than the product version identifier alone. Certain versions (including 5.10.4.0, 5.11.3.0, 5.12.2.0 and 5.13.3.0) were released with both vulnerable and remediated installation packages under the same version number. Consequently, version-based comparison alone is insufficient to determine exposure. Only installations performed using vulnerable builds are affected. Remediated builds can be distinguished using verified installation package hashes. For the complete list of fixed build hashes, refer to the security advisory section.
Weaknesses CWE-532
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Genetec

Published:

Updated: 2026-06-02T16:07:21.432Z

Reserved: 2026-04-27T16:27:39.879Z

Link: CVE-2026-40619

cve-icon Vulnrichment

Updated: 2026-06-02T16:07:17.261Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-02T16:16:39.127

Modified: 2026-06-02T17:35:24.027

Link: CVE-2026-40619

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T17:00:16Z

Weaknesses