In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:A/AC:M/Au:N/C:N/I:P/A:N
Vendors Products
Atisystem
  • Hpss32
  • Alert4000 Firmware
  • Mhpss Firmware
  • Mhpss
  • Hpss16
  • Hpss32 Firmware
  • Alert4000
  • Hpss16 Firmware

Configuration 1 [-]

AND
cpe:2.3:o:atisystem:hpss16_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:atisystem:hpss16:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:atisystem:hpss32_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:atisystem:hpss32:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:atisystem:mhpss_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:atisystem:mhpss:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:atisystem:alert4000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:atisystem:alert4000:-:*:*:*:*:*:*:*
References
Link Resource
http://www.securityfocus.com/bid/103721 Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01 Mitigation Third Party Advisory US Government Resource
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2018-04-10T00:00:00

Updated: 2018-05-26T09:57:01

Reserved: 2018-03-20T00:00:00

Link: CVE-2018-8864

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2018-05-25T16:29:00.323

Modified: 2019-10-09T23:42:58.677

Link: CVE-2018-8864

JSON object: View

cve-icon Redhat Information

No data.

CWE