CVE-2019-3906

HIGH

Premisys Identicard 3.1.190 - Authenticated Database Access via Hardcoded WCF Credentials

Title source: llm
STIX 2.1

Description

Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2019-01
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106552

Scores

CVSS v3 8.8
EPSS 0.0289
EPSS Percentile 85.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-798
Status published
Products (1)
identicard/premisys_id 3.1.190
Published Jan 18, 2019
Tracked Since Feb 18, 2026