{"api_version":"1","generated_at":"2026-05-08T18:19:42+00:00","cve":"CVE-2019-3906","urls":{"html":"https://cve.report/CVE-2019-3906","api":"https://cve.report/api/cve/CVE-2019-3906.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-3906","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-3906"},"summary":{"title":"CVE-2019-3906","description":"Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.","state":"PUBLIC","assigner":"vulnreport@tenable.com","published_at":"2019-01-18 18:29:00","updated_at":"2022-12-03 14:45:00"},"problem_types":["CWE-798"],"metrics":[],"references":[{"url":"https://www.tenable.com/security/research/tra-2019-01","name":"https://www.tenable.com/security/research/tra-2019-01","refsource":"MISC","tags":["Third Party Advisory"],"title":"[R3] Multiple Premisys Identicard Vulnerabilities - Research Advisory | Tenable®","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/106552","name":"106552","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Identicard Premisys Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-3906","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3906","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"3906","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"identicard","cpe5":"premisys_id","cpe6":"3.1.190","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3906","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"identicard","cpe5":"premisys_id","cpe6":"3.1.190","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"vulnreport@tenable.com","ID":"CVE-2019-3906","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Premisys Identicard 3.1.190","version":{"version_data":[{"version_value":"Premisys Identicard 3.1.190"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-798 Hard-coded Credentials"}]}]},"references":{"reference_data":[{"name":"https://www.tenable.com/security/research/tra-2019-01","refsource":"MISC","url":"https://www.tenable.com/security/research/tra-2019-01"},{"name":"106552","refsource":"BID","url":"http://www.securityfocus.com/bid/106552"}]}},"nvd":{"publishedDate":"2019-01-18 18:29:00","lastModifiedDate":"2022-12-03 14:45:00","problem_types":["CWE-798"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":9},"severity":"HIGH","exploitabilityScore":8,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:identicard:premisys_id:3.1.190:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"3906","Ordinal":"141517","Title":"CVE-2019-3906","CVE":"CVE-2019-3906","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"3906","Ordinal":"1","NoteData":"Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"3906","Ordinal":"2","NoteData":"2019-01-18","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"3906","Ordinal":"3","NoteData":"2019-01-19","Type":"Other","Title":"Modified"}]}}}