Sign-up

ID

VAR-201901-0269


CVE

CVE-2019-3906


TITLE

Premisys Identicard Vulnerabilities related to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2019-001402

DESCRIPTION

Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents. Premisys Identicard Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IDenticard Premisys is a set of access control systems from IDenticard Systems, USA. The system allows the system to grant and restrict access to doors, lock down facilities, view integrated reports, create detailed reports, and more. There are security vulnerabilities in IDenticard Systems version 3.1.190. A weak-encryption security weakness Attackers may exploit these issues to gain unauthorized access to the affected application, or to bypass certain security restrictions to perform unauthorized actions, and view encrypted data and obtain sensitive information. Premisys 3.1.190 is vulnerable; other versions may also be affected

Trust: 2.52

sources: NVD: CVE-2019-3906 // JVNDB: JVNDB-2019-001402 // CNVD: CNVD-2019-39192 // BID: 106552 // VULMON: CVE-2019-3906

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-39192

AFFECTED PRODUCTS

vendor:identicardmodel:premisys idscope:eqversion:3.1.190

Trust: 1.8

vendor:identicardmodel:premisys identicardscope:eqversion:3.1.190

Trust: 0.6

vendor:identicardmodel:systems premisysscope:eqversion:3.1.190

Trust: 0.3

sources: CNVD: CNVD-2019-39192 // BID: 106552 // JVNDB: JVNDB-2019-001402 // NVD: CVE-2019-3906

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3906
value: HIGH

Trust: 1.0

NVD: CVE-2019-3906
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-39192
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201901-592
value: HIGH

Trust: 0.6

VULMON: CVE-2019-3906
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-3906
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-39192
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-3906
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-3906
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-39192 // VULMON: CVE-2019-3906 // JVNDB: JVNDB-2019-001402 // CNNVD: CNNVD-201901-592 // NVD: CVE-2019-3906

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.8

sources: JVNDB: JVNDB-2019-001402 // NVD: CVE-2019-3906

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-592

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201901-592

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-001402

PATCH
title:Premisys IDurl:https://www.identicard.com/identification-solutions/photo-id-software/premisys-id-comprehensive-identification-management-solution/
Trust: 0.8
title:Threatposturl:https://threatpost.com/identicard-zero-days-allow-corporate-building-access-location-recon/140891/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-3906 // 
            
            
            
            JVNDB: JVNDB-2019-001402

EXTERNAL IDS
db:NVDid:CVE-2019-3906
Trust: 3.4
db:TENABLEid:TRA-2019-01
Trust: 2.8
db:BIDid:106552
Trust: 2.6
db:ICS CERTid:ICSA-19-031-02
Trust: 1.2
db:JVNDBid:JVNDB-2019-001402
Trust: 0.8
db:CNVDid:CNVD-2019-39192
Trust: 0.6
db:CNNVDid:CNNVD-201901-592
Trust: 0.6
db:VULMONid:CVE-2019-3906
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-39192 // 
            
            
            
            VULMON: CVE-2019-3906 // 
            
            
            
            BID: 106552 // 
            
            
            
            JVNDB: JVNDB-2019-001402 // 
            
            
            
            CNNVD: CNNVD-201901-592 // 
            
            
            
            NVD: CVE-2019-3906

REFERENCES
url:http://www.securityfocus.com/bid/106552
Trust: 2.9
url:https://www.tenable.com/security/research/tra-2019-01
Trust: 2.8
url:https://ics-cert.us-cert.gov/advisories/icsa-19-031-02
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3906
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-3906
Trust: 0.8
url:https://www.identicard.com/access-control/premisys-access-control-system/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/798.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/identicard-zero-days-allow-corporate-building-access-location-recon/140891/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-39192 // 
            
            
            
            VULMON: CVE-2019-3906 // 
            
            
            
            BID: 106552 // 
            
            
            
            JVNDB: JVNDB-2019-001402 // 
            
            
            
            CNNVD: CNNVD-201901-592 // 
            
            
            
            NVD: CVE-2019-3906

CREDITS
Tenable
Trust: 0.9
sources:
            
            
            BID: 106552 // 
            
            
            
            CNNVD: CNNVD-201901-592

SOURCES
db:CNVDid:CNVD-2019-39192
db:VULMONid:CVE-2019-3906
db:BIDid:106552
db:JVNDBid:JVNDB-2019-001402
db:CNNVDid:CNNVD-201901-592
db:NVDid:CVE-2019-3906

LAST UPDATE DATE
2024-11-23T21:52:36.230000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-39192date:2019-11-05T00:00:00
db:VULMONid:CVE-2019-3906date:2019-10-09T00:00:00
db:BIDid:106552date:2019-01-14T00:00:00
db:JVNDBid:JVNDB-2019-001402date:2019-03-04T00:00:00
db:CNNVDid:CNNVD-201901-592date:2019-10-17T00:00:00
db:NVDid:CVE-2019-3906date:2024-11-21T04:42:50.283

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-39192date:2019-11-05T00:00:00
db:VULMONid:CVE-2019-3906date:2019-01-18T00:00:00
db:BIDid:106552date:2019-01-14T00:00:00
db:JVNDBid:JVNDB-2019-001402date:2019-03-04T00:00:00
db:CNNVDid:CNNVD-201901-592date:2019-01-16T00:00:00
db:NVDid:CVE-2019-3906date:2019-01-18T18:29:00.247