OTPulse

IDenticard PremiSys (Update A)

Plan Patch | CVSS 8.8 | ICS-CERT ICSA-19-031-02 | Jan 31, 2019
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

IDenticard PremiSys versions below 4.2 contain three vulnerabilities (CWE-798: hardcoded credentials, CWE-326: weak cryptography, CWE-259: hardcoded passwords) that allow attackers to view sensitive information via backups, obtain system credentials, and gain full administrative access.

What this means
What could happen
An attacker could extract backups containing sensitive data, steal credentials, or gain administrative control of the PremiSys system, potentially allowing unauthorized changes to access control policies or system configuration.
Who's at risk
Organizations operating IDenticard PremiSys access control systems should be concerned. PremiSys is commonly used in physical access control for buildings, facilities, and critical infrastructure. This affects any facility using PremiSys for badge readers, door locks, or visitor management systems.
How it could be exploited
An attacker with network access to port 9003/TCP can exploit hardcoded or weak credentials to authenticate to the PremiSys system. Once authenticated, the attacker can access the backup/restore feature to extract sensitive data or escalate privileges to obtain full administrative access to the system.
Prerequisites
  • Network access to port 9003/TCP
  • Knowledge of default or hardcoded credentials for the Service Database or backup/restore feature
  • PremiSys version 4.1 or earlier installed
  • remotely exploitable
  • weak authentication (hardcoded/default credentials)
  • affects access control systems
  • allows credential theft
  • allows administrative privilege escalation
Exploitability
Moderate exploit probability (EPSS 1.5%)
Affected products (1)
Product | Affected Versions | Fix Status
PremiSys: all | < 4.2 | 4.2
Remediation & Mitigation
Do now
  • HARDENING: Change the Service Database default username and password
  • WORKAROUND: Restrict network access to port 9003/TCP; allow connections only from authorized management workstations and networks
  • WORKAROUND: Monitor access to port 9003/TCP for unauthorized connection attempts
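
One way to act on the two workarounds above, shown as an added example that is not part of the advisory or of any IDenticard tooling: it scans firewall connection logs for 9003/TCP traffic from sources outside the authorized management networks. The log format, the allowlist, and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

PREMISYS_PORT = 9003  # TCP port named in the advisory
# Assumption: this site's authorized management workstations/networks (constructed).
ALLOWED = [ipaddress.ip_network(n) for n in ("10.20.30.0/28", "10.20.40.15/32")]
# Assumption: generic key=value firewall log format; adapt to your firewall's export.
LINE_RE = re.compile(r"^(?P<ts>\S+) action=(?P<action>\w+) proto=(?P<proto>\w+) "
                     r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
2019-02-01T08:00:01Z action=allow proto=tcp src=10.20.30.5 dst=10.50.0.10 dport=9003
2019-02-01T08:03:12Z action=allow proto=tcp src=10.99.7.21 dst=10.50.0.10 dport=9003
2019-02-01T08:03:14Z action=deny proto=tcp src=10.99.7.21 dst=10.50.0.10 dport=9003
2019-02-01T08:04:40Z action=allow proto=tcp src=10.99.7.21 dst=10.50.0.10 dport=443
2019-02-01T08:05:02Z action=allow proto=udp src=10.99.8.2 dst=10.50.0.10 dport=9003
2019-02-01T08:06:30Z action=deny proto=tcp src=203.0.113.44 dst=10.50.0.10 dport=9003
malformed line that the parser must skip
"""

def is_authorized(src):
    """True only if src parses as an IP inside an allowed network (fail closed)."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED)

def find_unauthorized(log_text):
    """Return (alerts, per-source counts) for 9003/TCP traffic from unlisted sources."""
    alerts, counts = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the assumed format
        if m["proto"].lower() != "tcp" or int(m["dport"]) != PREMISYS_PORT:
            continue
        if is_authorized(m["src"]):
            continue
        # "allow" from an unlisted source means the port restriction is not in effect.
        kind = "rule-gap" if m["action"].lower() == "allow" else "blocked-attempt"
        alerts.append((m["ts"], m["src"], kind))
        counts[m["src"]] += 1
    return alerts, counts

if __name__ == "__main__":
    alerts, counts = find_unauthorized(SAMPLE_LOG)
    for ts, src, kind in alerts:
        print(f"{ts} {kind}: {src} -> {PREMISYS_PORT}/TCP")
    print(dict(counts))
```

A "rule-gap" alert is the one to act on first: it shows a connection to 9003/TCP was permitted from a source that should have been blocked.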
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Upgrade PremiSys to version 4.2 or later
  • HOTFIX: After upgrading to version 4.2, set a new password for the backup/restore feature (required for CVE-2019-3908)
Long-term hardening
  • HARDENING: Isolate PremiSys system behind a firewall and remove any direct Internet exposure
  • HARDENING: Use VPN or secure bastion host if remote administrative access to PremiSys is required