cvelistv5 - cve-2018-8864

CVE-2018-8864 (GCVE-0-2018-8864)

Vulnerability from cvelistv5

Published

2018-05-25 16:00

Modified

2024-09-16 21:57

Severity ?

CWE

CWE-311 - MISSING ENCRYPTION OF SENSITIVE DATA

Summary

References

URL

	Vendor	Product	Version
	Acoustic Technology, Inc. (ATI Systems)	ATI Emergency Mass Notification Systems	Version: The following ATI's Emergency Mass Notification Systems devices are affected: HPSS16, HPSS32, MHPSS, and ALERT4000.

var-201805-0943

Vulnerability from variot

In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms. plural ATI Systems Emergency Mass Notification Systems The device contains cryptographic vulnerabilities.Information may be tampered with. 1. An authentication bypass vulnerability 2. A security-bypass vulnerability Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Acoustic HPSS16 and so on are the emergency reporting systems of Acoustic Technology Company in the United States. An encryption issue vulnerability exists in several Acoustic products due to the program's failure to encrypt sensitive data. The following products are affected: Acoustic HPSS16; HPSS32; MHPSS; ALERT4000

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201805-0943",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "hpss32",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "atisystem",
        "version": null
      },
      {
        "model": "hpss16",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "atisystem",
        "version": null
      },
      {
        "model": "alert4000",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "atisystem",
        "version": null
      },
      {
        "model": "mhpss",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "atisystem",
        "version": null
      },
      {
        "model": "alert4000",
        "scope": null,
        "trust": 0.8,
        "vendor": "ati",
        "version": null
      },
      {
        "model": "hpss16",
        "scope": null,
        "trust": 0.8,
        "vendor": "ati",
        "version": null
      },
      {
        "model": "hpss32",
        "scope": null,
        "trust": 0.8,
        "vendor": "ati",
        "version": null
      },
      {
        "model": "mhpss",
        "scope": null,
        "trust": 0.8,
        "vendor": "ati",
        "version": null
      },
      {
        "model": "systems hpss16",
        "scope": null,
        "trust": 0.6,
        "vendor": "ati",
        "version": null
      },
      {
        "model": "systems hpss32",
        "scope": null,
        "trust": 0.6,
        "vendor": "ati",
        "version": null
      },
      {
        "model": "systems mhpss",
        "scope": null,
        "trust": 0.6,
        "vendor": "ati",
        "version": null
      },
      {
        "model": "systems alert4000",
        "scope": null,
        "trust": 0.6,
        "vendor": "ati",
        "version": null
      },
      {
        "model": "systems mhpss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ati",
        "version": "0"
      },
      {
        "model": "systems hpss32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ati",
        "version": "0"
      },
      {
        "model": "systems hpss16",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ati",
        "version": "0"
      },
      {
        "model": "systems alert4000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ati",
        "version": "0"
      },
      {
        "model": "systems hpss16",
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ati",
        "version": "*"
      },
      {
        "model": "systems hpss32",
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ati",
        "version": "*"
      },
      {
        "model": "systems mhpss",
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ati",
        "version": "*"
      },
      {
        "model": "systems alert4000",
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ati",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2ebb602-39ab-11e9-ac93-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-07875"
      },
      {
        "db": "BID",
        "id": "103721"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005362"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-872"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8864"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:atisystem:alert4000_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:atisystem:hpss16_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:atisystem:hpss32_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:atisystem:mhpss_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005362"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Balint Seeber of Bastille",
    "sources": [
      {
        "db": "BID",
        "id": "103721"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-8864",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.9,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 5.5,
            "id": "CVE-2018-8864",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.2,
            "id": "CNVD-2018-07875",
            "impactScore": 6.9,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:A/AC:H/Au:N/C:N/I:C/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.2,
            "id": "e2ebb602-39ab-11e9-ac93-000c29342cb1",
            "impactScore": 6.9,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:A/AC:H/Au:N/C:N/I:C/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.9,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 5.5,
            "id": "VHN-138896",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:A/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.6,
            "id": "CVE-2018-8864",
            "impactScore": 1.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-8864",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-8864",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-07875",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201805-872",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "IVD",
            "id": "e2ebb602-39ab-11e9-ac93-000c29342cb1",
            "trust": 0.2,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-138896",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2ebb602-39ab-11e9-ac93-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-07875"
      },
      {
        "db": "VULHUB",
        "id": "VHN-138896"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005362"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-872"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8864"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms. plural ATI Systems Emergency Mass Notification Systems The device contains cryptographic vulnerabilities.Information may be tampered with. \n1. An authentication bypass vulnerability\n2. A security-bypass vulnerability\nAttackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Acoustic HPSS16 and so on are the emergency reporting systems of Acoustic Technology Company in the United States. An encryption issue vulnerability exists in several Acoustic products due to the program\u0027s failure to encrypt sensitive data. The following products are affected: Acoustic HPSS16; HPSS32; MHPSS; ALERT4000",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-8864"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005362"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-07875"
      },
      {
        "db": "BID",
        "id": "103721"
      },
      {
        "db": "IVD",
        "id": "e2ebb602-39ab-11e9-ac93-000c29342cb1"
      },
      {
        "db": "VULHUB",
        "id": "VHN-138896"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-8864",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-100-01",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "103721",
        "trust": 2.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-07875",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-872",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005362",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "E2EBB602-39AB-11E9-AC93-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-138896",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2ebb602-39ab-11e9-ac93-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-07875"
      },
      {
        "db": "VULHUB",
        "id": "VHN-138896"
      },
      {
        "db": "BID",
        "id": "103721"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005362"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-872"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8864"
      }
    ]
  },
  "id": "VAR-201805-0943",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e2ebb602-39ab-11e9-ac93-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-07875"
      },
      {
        "db": "VULHUB",
        "id": "VHN-138896"
      }
    ],
    "trust": 1.775
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2ebb602-39ab-11e9-ac93-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-07875"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:38:57.002000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Mass Notification Products",
        "trust": 0.8,
        "url": "https://www.atisystem.com/products/"
      },
      {
        "title": "Patch for ATI Systems Emergency Mass Notification Systems False Alert Vulnerability (CNVD-2018-07875)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/126155"
      },
      {
        "title": "Multiple Acoustic Product encryption problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83715"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-07875"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005362"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-872"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-311",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-310",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-138896"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005362"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8864"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-100-01"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/103721"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8864"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8864"
      },
      {
        "trust": 0.3,
        "url": "https://www.atisystem.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-07875"
      },
      {
        "db": "VULHUB",
        "id": "VHN-138896"
      },
      {
        "db": "BID",
        "id": "103721"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005362"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-872"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8864"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "e2ebb602-39ab-11e9-ac93-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-07875"
      },
      {
        "db": "VULHUB",
        "id": "VHN-138896"
      },
      {
        "db": "BID",
        "id": "103721"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005362"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-872"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8864"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-04-19T00:00:00",
        "db": "IVD",
        "id": "e2ebb602-39ab-11e9-ac93-000c29342cb1"
      },
      {
        "date": "2018-04-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-07875"
      },
      {
        "date": "2018-05-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-138896"
      },
      {
        "date": "2018-04-10T00:00:00",
        "db": "BID",
        "id": "103721"
      },
      {
        "date": "2018-07-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-005362"
      },
      {
        "date": "2018-05-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201805-872"
      },
      {
        "date": "2018-05-25T16:29:00.323000",
        "db": "NVD",
        "id": "CVE-2018-8864"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-04-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-07875"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-138896"
      },
      {
        "date": "2018-04-10T00:00:00",
        "db": "BID",
        "id": "103721"
      },
      {
        "date": "2018-07-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-005362"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201805-872"
      },
      {
        "date": "2024-11-21T04:14:28.877000",
        "db": "NVD",
        "id": "CVE-2018-8864"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-872"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  ATI Systems Emergency Mass Notification Systems Cryptographic vulnerabilities in devices",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-005362"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-872"
      }
    ],
    "trust": 0.6
  }
}

ghsa-67jv-mp69-jmfg

Vulnerability from github

Published

2022-05-13 01:31

Modified

2022-05-13 01:31

Severity ?

3.1 (Low) - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-8864"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-311"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-25T16:29:00Z",
    "severity": "LOW"
  },
  "details": "In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.",
  "id": "GHSA-67jv-mp69-jmfg",
  "modified": "2022-05-13T01:31:44Z",
  "published": "2022-05-13T01:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8864"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103721"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2018-8864

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2018-8864

Aliases

CVE-2018-8864

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-8864",
    "description": "In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.",
    "id": "GSD-2018-8864"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-8864"
      ],
      "details": "In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.",
      "id": "GSD-2018-8864",
      "modified": "2023-12-13T01:22:34.353597Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "DATE_PUBLIC": "2018-04-10T00:00:00",
        "ID": "CVE-2018-8864",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ATI Emergency Mass Notification Systems",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "The following ATI\u0027s Emergency Mass Notification Systems devices are affected: HPSS16, HPSS32, MHPSS, and ALERT4000."
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Acoustic Technology, Inc. (ATI Systems)"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "MISSING ENCRYPTION OF SENSITIVE DATA CWE-311"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "103721",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/103721"
          },
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:atisystem:hpss16_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:atisystem:hpss16:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:atisystem:hpss32_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:atisystem:hpss32:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:atisystem:mhpss_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:atisystem:mhpss:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:atisystem:alert4000_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:atisystem:alert4000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2018-8864"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-311"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01"
            },
            {
              "name": "103721",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/103721"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.9,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 5.5,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2019-10-09T23:42Z",
      "publishedDate": "2018-05-25T16:29Z"
    }
  }
}

icsa-18-100-01

Vulnerability from csaf_cisa

Published

2018-04-10 00:00

Modified

2018-04-10 00:00

Summary

ATI Systems Emergency Mass Notification Systems

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities could trigger false alarms.

Critical infrastructure sectors

Commercial Facilities, Defense Industrial Base, Emergency Services, Government Facilities, Nuclear Reactors, Materials, and Waste

Countries/areas deployed

Worldwide

Company headquarters location

Massachusetts

Recommended Practices

NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT website.

Exploitability

No known public exploits specifically target these vulnerabilities. High skill level is needed to exploit.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Balint Seeber"
        ],
        "organization": "Bastille",
        "summary": "reporting these vulnerabilities to NCCIC"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could trigger false alarms.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Commercial Facilities, Defense Industrial Base, Emergency Services, Government Facilities, Nuclear Reactors, Materials, and Waste",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Massachusetts",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT website.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities. High skill level is needed to exploit.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-100-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsa-18-100-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-100-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-100-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-100-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      }
    ],
    "title": "ATI Systems Emergency Mass Notification Systems",
    "tracking": {
      "current_release_date": "2018-04-10T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-18-100-01",
      "initial_release_date": "2018-04-10T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2018-04-10T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-18-100-01 ATI Systems Emergency Mass Notification Systems"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "HPSS16",
                "product": {
                  "name": "ATI Emergency Mass Notification Systems - HPSS16",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "ATI Emergency Mass Notification Systems"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "HPSS32",
                "product": {
                  "name": "ATI Emergency Mass Notification Systems - HPSS32",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "ATI Emergency Mass Notification Systems"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MHPSS",
                "product": {
                  "name": "ATI Emergency Mass Notification Systems - MHPSS, and",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "ATI Emergency Mass Notification Systems"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ALERT4000",
                "product": {
                  "name": "ATI Emergency Mass Notification Systems - ALERT4000",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "ATI Emergency Mass Notification Systems"
          }
        ],
        "category": "vendor",
        "name": "Acoustic Technology, Inc. (ATI Systems)"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-8864",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.CVE-2018-8864 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8864"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "ATI has created a patch which adds additional security features to the command packets sent over the radio. ATI is testing this patch, and it will be available upon request. Many systems are engineered to meet specific user needs and users need to make sure any upgrades are appropriate for their systems.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "mitigation",
          "details": "ATI recommends that, where feasible, simple voice radios be replaced with digital P-25 (APCO) radios, which provide highly secure encrypted links.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ]
    }
  ]
}

ICSA-18-100-01

Vulnerability from csaf_cisa

Published

2018-04-10 00:00

Modified

2018-04-10 00:00

Summary

ATI Systems Emergency Mass Notification Systems

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

Risk evaluation

Successful exploitation of these vulnerabilities could trigger false alarms.

Critical infrastructure sectors

Commercial Facilities, Defense Industrial Base, Emergency Services, Government Facilities, Nuclear Reactors, Materials, and Waste

Countries/areas deployed

Worldwide

Company headquarters location

Massachusetts

Recommended Practices

NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.

Recommended Practices

Exploitability

No known public exploits specifically target these vulnerabilities. High skill level is needed to exploit.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Balint Seeber"
        ],
        "organization": "Bastille",
        "summary": "reporting these vulnerabilities to NCCIC"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could trigger false alarms.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Commercial Facilities, Defense Industrial Base, Emergency Services, Government Facilities, Nuclear Reactors, Materials, and Waste",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Massachusetts",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT website.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities. High skill level is needed to exploit.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-100-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsa-18-100-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-100-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-100-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-100-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      }
    ],
    "title": "ATI Systems Emergency Mass Notification Systems",
    "tracking": {
      "current_release_date": "2018-04-10T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-18-100-01",
      "initial_release_date": "2018-04-10T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2018-04-10T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-18-100-01 ATI Systems Emergency Mass Notification Systems"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "HPSS16",
                "product": {
                  "name": "ATI Emergency Mass Notification Systems - HPSS16",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "ATI Emergency Mass Notification Systems"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "HPSS32",
                "product": {
                  "name": "ATI Emergency Mass Notification Systems - HPSS32",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "ATI Emergency Mass Notification Systems"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MHPSS",
                "product": {
                  "name": "ATI Emergency Mass Notification Systems - MHPSS, and",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "ATI Emergency Mass Notification Systems"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ALERT4000",
                "product": {
                  "name": "ATI Emergency Mass Notification Systems - ALERT4000",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "ATI Emergency Mass Notification Systems"
          }
        ],
        "category": "vendor",
        "name": "Acoustic Technology, Inc. (ATI Systems)"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-8864",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.CVE-2018-8864 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8864"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "ATI has created a patch which adds additional security features to the command packets sent over the radio. ATI is testing this patch, and it will be available upon request. Many systems are engineered to meet specific user needs and users need to make sure any upgrades are appropriate for their systems.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "mitigation",
          "details": "ATI recommends that, where feasible, simple voice radios be replaced with digital P-25 (APCO) radios, which provide highly secure encrypted links.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ]
    }
  ]
}

cnvd-2018-07875

Vulnerability from cnvd

Title

ATI Systems Emergency Mass Notification Systems虚假警报漏洞（CNVD-2018-07875）

Description

ATI Systems为社区，校园，工业和军事市场设计，构建和安装大众通知系统。Emergency Mass Notification Systems是一套急救质量通知系统。 ATI Systems Emergency Mass Notification Systems存在未授权操作漏洞，由于缺少由特制恶意无线电传输引起的敏感数据漏洞加密，允许攻击者远程触发虚假警报。

Severity

中

Patch Name

ATI Systems Emergency Mass Notification Systems虚假警报漏洞（CNVD-2018-07875）的补丁

Patch Description

Formal description

用户可联系供应商获得补丁信息： https://www.atisystems.co.za/

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01

Impacted products

Name
['ATI Systems HPSS16', 'ATI Systems HPSS32', 'ATI Systems MHPSS', 'ATI Systems ALERT4000']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-8864"
    }
  },
  "description": "ATI Systems\u4e3a\u793e\u533a\uff0c\u6821\u56ed\uff0c\u5de5\u4e1a\u548c\u519b\u4e8b\u5e02\u573a\u8bbe\u8ba1\uff0c\u6784\u5efa\u548c\u5b89\u88c5\u5927\u4f17\u901a\u77e5\u7cfb\u7edf\u3002Emergency Mass Notification Systems\u662f\u4e00\u5957\u6025\u6551\u8d28\u91cf\u901a\u77e5\u7cfb\u7edf\u3002\r\n\r\nATI Systems Emergency Mass Notification Systems\u5b58\u5728\u672a\u6388\u6743\u64cd\u4f5c\u6f0f\u6d1e\uff0c\u7531\u4e8e\u7f3a\u5c11\u7531\u7279\u5236\u6076\u610f\u65e0\u7ebf\u7535\u4f20\u8f93\u5f15\u8d77\u7684\u654f\u611f\u6570\u636e\u6f0f\u6d1e\u52a0\u5bc6\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u8fdc\u7a0b\u89e6\u53d1\u865a\u5047\u8b66\u62a5\u3002",
  "discovererName": "Balint Seeber of Bastille",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.atisystems.co.za/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-07875",
  "openTime": "2018-04-19",
  "patchDescription": "ATI Systems\u4e3a\u793e\u533a\uff0c\u6821\u56ed\uff0c\u5de5\u4e1a\u548c\u519b\u4e8b\u5e02\u573a\u8bbe\u8ba1\uff0c\u6784\u5efa\u548c\u5b89\u88c5\u5927\u4f17\u901a\u77e5\u7cfb\u7edf\u3002Emergency Mass Notification Systems\u662f\u4e00\u5957\u6025\u6551\u8d28\u91cf\u901a\u77e5\u7cfb\u7edf\u3002\r\n\r\nATI Systems Emergency Mass Notification Systems\u5b58\u5728\u672a\u6388\u6743\u64cd\u4f5c\u6f0f\u6d1e\uff0c\u7531\u4e8e\u7f3a\u5c11\u7531\u7279\u5236\u6076\u610f\u65e0\u7ebf\u7535\u4f20\u8f93\u5f15\u8d77\u7684\u654f\u611f\u6570\u636e\u6f0f\u6d1e\u52a0\u5bc6\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u8fdc\u7a0b\u89e6\u53d1\u865a\u5047\u8b66\u62a5\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ATI Systems Emergency Mass Notification Systems\u865a\u5047\u8b66\u62a5\u6f0f\u6d1e\uff08CNVD-2018-07875\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "ATI Systems HPSS16",
      "ATI Systems HPSS32",
      "ATI Systems MHPSS",
      "ATI Systems ALERT4000"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01",
  "serverity": "\u4e2d",
  "submitTime": "2018-04-13",
  "title": "ATI Systems Emergency Mass Notification Systems\u865a\u5047\u8b66\u62a5\u6f0f\u6d1e\uff08CNVD-2018-07875\uff09"
}

fkie_cve-2018-8864

Vulnerability from fkie_nvd

Published

2018-05-25 16:29

Modified

2024-11-21 04:14

Severity ?

3.1 (Low) - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/103721	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01	Mitigation, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/103721	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01	Mitigation, Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
atisystem	hpss16_firmware	-
atisystem	hpss16	-
atisystem	hpss32_firmware	-
atisystem	hpss32	-
atisystem	mhpss_firmware	-
atisystem	mhpss	-
atisystem	alert4000_firmware	-
atisystem	alert4000	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:atisystem:hpss16_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "917E3F8C-C30A-4799-99E2-9D23659CEF1F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:atisystem:hpss16:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA769624-D010-42FD-ACC4-36F86127809D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:atisystem:hpss32_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "69841D28-CC70-495A-9C30-EB26097C1D26",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:atisystem:hpss32:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9943A82F-2505-4312-A50F-F26DD55B6F38",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:atisystem:mhpss_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "90785F63-CCB1-4EEF-BC85-691A8AB63172",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:atisystem:mhpss:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0013936B-C5BD-4038-8DB2-E99CF7FD2CC1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:atisystem:alert4000_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "572E2D4A-4F78-44F4-8C4A-D26ACFD2B8FE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:atisystem:alert4000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6D54DF1-3301-495F-AB14-422FBC9719AC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms."
    },
    {
      "lang": "es",
      "value": "En dispositivos ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS y ALERT4000), una vulnerabilidad de falta de cifrado de datos sensibles provocada por transmisiones de radio maliciosas especialmente manipuladas podr\u00eda permitir que un atacante desencadene falsas alarmas de forma remota."
    }
  ],
  "id": "CVE-2018-8864",
  "lastModified": "2024-11-21T04:14:28.877",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 5.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-25T16:29:00.323",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103721"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103721"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-311"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-311"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-8864 (GCVE-0-2018-8864)

Vulnerability from cvelistv5

var-201805-0943

Vulnerability from variot

ghsa-67jv-mp69-jmfg

Vulnerability from github

gsd-2018-8864

Vulnerability from gsd

icsa-18-100-01

Vulnerability from csaf_cisa

ICSA-18-100-01

Vulnerability from csaf_cisa

cnvd-2018-07875

Vulnerability from cnvd

fkie_cve-2018-8864

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature