Hardcoded, deafault creds, weak encryption
https://www.bleepingcomputer.com/news/security/flaws-in-a-card-access-control-system-may-allow-hackers-to-bypass-security/
Vulnerabilities discovered in the PremiSys IDentity access system could allow attackers to bypass its building entrance security. The vendor was warned about the flaws but still hasn't released the necessary patches.
Developed by IDenticard Systems as a comprehensive photo ID software, PremiSys ID can be used for designing and printing building access badges, and for managing cardholder data. The mobile app allows identifying employees by scanning their badges.