Identicard PremiSys (Update A) (ICSA-19-031-02) – Product Used in the Water and Wastewater Sector

March 5, 2019

The NCCIC has updated this advisory with additional technical details of the affected products and mitigating measures. Read the advisory at NCCIC/ICS-CERT.

January 31, 2019

The NCCIC has published an advisory on use of hard-coded credentials, use of hard-coded password, inadequate encryption strength vulnerabilities in Identicard PremiSys. All versions prior to 4.1 are affected. Successful exploitation of these vulnerabilities could allow an attacker to view sensitive information via backups, obtain access to credentials, and/or obtain full access to the system with admin privileges. IDenticard has released updated software, Version 4.1, to address the hard-coded credential vulnerability (CVE-2019-3906). Inadequate encryption strength (CVE-2019-3907) and use of hard-coded password (CVE-2019-3908) are in process of being fixed with an update expected February 2019. The NCCIC also advises on a series of mitigating measures for this vulnerabilities. Read the advisory at NCCIC/ICS-CERT.