VAR-201901-0270

Vulnerability from variot - Updated: 2023-12-18 12:50

Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data. Because the password is fixed in the product and cannot be rotated, the zip encryption cannot be relied on to protect the backups; their confidentiality depends on restricting access to wherever the backup files are stored or transferred. Premisys Identicard contains a vulnerability in the use of hard-coded credentials. Information may be obtained. IDenticard Premisys is a set of access control systems from IDenticard Systems, USA. The system can be used to grant and restrict access to doors, lock down facilities, view integrated reports, create detailed reports, and more.

There are security vulnerabilities in IDenticard Systems version 3.1.190, including a weak-encryption security weakness. Attackers may exploit these issues to gain unauthorized access to the affected application, to bypass certain security restrictions and perform unauthorized actions, and to view encrypted data and obtain sensitive information. Premisys 3.1.190 is vulnerable; other versions may also be affected.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201901-0270",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "premisys id",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "identicard",
        "version": "3.1.190"
      },
      {
        "model": "premisys identicard",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "identicard",
        "version": "3.1.190"
      },
      {
        "model": "systems premisys",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "identicard",
        "version": "3.1.190"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-39193"
      },
      {
        "db": "BID",
        "id": "106552"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001385"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3908"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:identicard:premisys_id:3.1.190:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-3908"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Tenable",
    "sources": [
      {
        "db": "BID",
        "id": "106552"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-594"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2019-3908",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-3908",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-39193",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-3908",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-3908",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-39193",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201901-594",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-3908",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-39193"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3908"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001385"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3908"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-594"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data. Premisys Identicard Contains a vulnerability in the use of hard-coded credentials.Information may be obtained. IDenticard Premisys is a set of access control systems from IDenticard Systems, USA. The system allows the system to grant and restrict access to doors, lock down facilities, view integrated reports, create detailed reports, and more. \n\nThere are security vulnerabilities in IDenticard Systems version 3.1.190. A weak-encryption security weakness\nAttackers may exploit these issues to gain unauthorized access to  the affected application, or to bypass certain security restrictions to  perform unauthorized actions, and view encrypted data and obtain  sensitive information. \nPremisys 3.1.190 is vulnerable; other versions may also be affected",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-3908"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001385"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-39193"
      },
      {
        "db": "BID",
        "id": "106552"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3908"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-3908",
        "trust": 3.4
      },
      {
        "db": "TENABLE",
        "id": "TRA-2019-01",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "106552",
        "trust": 2.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-031-02",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001385",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-39193",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-594",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3908",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-39193"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3908"
      },
      {
        "db": "BID",
        "id": "106552"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001385"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3908"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-594"
      }
    ]
  },
  "id": "VAR-201901-0270",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-39193"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-39193"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:50:27.855000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Premisys ID",
        "trust": 0.8,
        "url": "https://www.identicard.com/identification-solutions/photo-id-software/premisys-id-comprehensive-identification-management-solution/"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/identicard-zero-days-allow-corporate-building-access-location-recon/140891/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-3908"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001385"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-798",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001385"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3908"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://www.tenable.com/security/research/tra-2019-01"
      },
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/106552"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3908"
      },
      {
        "trust": 1.2,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-031-02"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3908"
      },
      {
        "trust": 0.3,
        "url": "https://www.identicard.com/access-control/premisys-access-control-system/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/798.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/identicard-zero-days-allow-corporate-building-access-location-recon/140891/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-39193"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3908"
      },
      {
        "db": "BID",
        "id": "106552"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001385"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3908"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-594"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-39193"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3908"
      },
      {
        "db": "BID",
        "id": "106552"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001385"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3908"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-594"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-39193"
      },
      {
        "date": "2019-01-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-3908"
      },
      {
        "date": "2019-01-14T00:00:00",
        "db": "BID",
        "id": "106552"
      },
      {
        "date": "2019-03-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-001385"
      },
      {
        "date": "2019-01-18T18:29:00.327000",
        "db": "NVD",
        "id": "CVE-2019-3908"
      },
      {
        "date": "2019-01-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-594"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-11-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-39193"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-3908"
      },
      {
        "date": "2019-01-14T00:00:00",
        "db": "BID",
        "id": "106552"
      },
      {
        "date": "2019-03-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-001385"
      },
      {
        "date": "2022-12-03T14:46:05.703000",
        "db": "NVD",
        "id": "CVE-2019-3908"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-594"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-594"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Premisys Identicard Vulnerabilities related to the use of hard-coded credentials",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001385"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-594"
      }
    ],
    "trust": 0.6
  }
}

