var-201805-0943
Vulnerability from variot
In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms. plural ATI Systems Emergency Mass Notification Systems The device contains cryptographic vulnerabilities.Information may be tampered with. 1. An authentication bypass vulnerability 2. A security-bypass vulnerability Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Acoustic HPSS16 and so on are the emergency reporting systems of Acoustic Technology Company in the United States. An encryption issue vulnerability exists in several Acoustic products due to the program's failure to encrypt sensitive data. The following products are affected: Acoustic HPSS16; HPSS32; MHPSS; ALERT4000
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0943",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hpss32",
"scope": "eq",
"trust": 1.6,
"vendor": "atisystem",
"version": null
},
{
"model": "hpss16",
"scope": "eq",
"trust": 1.6,
"vendor": "atisystem",
"version": null
},
{
"model": "alert4000",
"scope": "eq",
"trust": 1.6,
"vendor": "atisystem",
"version": null
},
{
"model": "mhpss",
"scope": "eq",
"trust": 1.6,
"vendor": "atisystem",
"version": null
},
{
"model": "alert4000",
"scope": null,
"trust": 0.8,
"vendor": "ati",
"version": null
},
{
"model": "hpss16",
"scope": null,
"trust": 0.8,
"vendor": "ati",
"version": null
},
{
"model": "hpss32",
"scope": null,
"trust": 0.8,
"vendor": "ati",
"version": null
},
{
"model": "mhpss",
"scope": null,
"trust": 0.8,
"vendor": "ati",
"version": null
},
{
"model": "systems hpss16",
"scope": null,
"trust": 0.6,
"vendor": "ati",
"version": null
},
{
"model": "systems hpss32",
"scope": null,
"trust": 0.6,
"vendor": "ati",
"version": null
},
{
"model": "systems mhpss",
"scope": null,
"trust": 0.6,
"vendor": "ati",
"version": null
},
{
"model": "systems alert4000",
"scope": null,
"trust": 0.6,
"vendor": "ati",
"version": null
},
{
"model": "systems mhpss",
"scope": "eq",
"trust": 0.3,
"vendor": "ati",
"version": "0"
},
{
"model": "systems hpss32",
"scope": "eq",
"trust": 0.3,
"vendor": "ati",
"version": "0"
},
{
"model": "systems hpss16",
"scope": "eq",
"trust": 0.3,
"vendor": "ati",
"version": "0"
},
{
"model": "systems alert4000",
"scope": "eq",
"trust": 0.3,
"vendor": "ati",
"version": "0"
},
{
"model": "systems hpss16",
"scope": "eq",
"trust": 0.2,
"vendor": "ati",
"version": "*"
},
{
"model": "systems hpss32",
"scope": "eq",
"trust": 0.2,
"vendor": "ati",
"version": "*"
},
{
"model": "systems mhpss",
"scope": "eq",
"trust": 0.2,
"vendor": "ati",
"version": "*"
},
{
"model": "systems alert4000",
"scope": "eq",
"trust": 0.2,
"vendor": "ati",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2ebb602-39ab-11e9-ac93-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07875"
},
{
"db": "BID",
"id": "103721"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005362"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-872"
},
{
"db": "NVD",
"id": "CVE-2018-8864"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:atisystem:alert4000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:atisystem:hpss16_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:atisystem:hpss32_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:atisystem:mhpss_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005362"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Balint Seeber of Bastille",
"sources": [
{
"db": "BID",
"id": "103721"
}
],
"trust": 0.3
},
"cve": "CVE-2018-8864",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.5,
"id": "CVE-2018-8864",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.2,
"id": "CNVD-2018-07875",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.2,
"id": "e2ebb602-39ab-11e9-ac93-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:H/Au:N/C:N/I:C/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.5,
"id": "VHN-138896",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.6,
"id": "CVE-2018-8864",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-8864",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2018-8864",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2018-07875",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-872",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "e2ebb602-39ab-11e9-ac93-000c29342cb1",
"trust": 0.2,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-138896",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2ebb602-39ab-11e9-ac93-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07875"
},
{
"db": "VULHUB",
"id": "VHN-138896"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005362"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-872"
},
{
"db": "NVD",
"id": "CVE-2018-8864"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms. plural ATI Systems Emergency Mass Notification Systems The device contains cryptographic vulnerabilities.Information may be tampered with. \n1. An authentication bypass vulnerability\n2. A security-bypass vulnerability\nAttackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Acoustic HPSS16 and so on are the emergency reporting systems of Acoustic Technology Company in the United States. An encryption issue vulnerability exists in several Acoustic products due to the program\u0027s failure to encrypt sensitive data. The following products are affected: Acoustic HPSS16; HPSS32; MHPSS; ALERT4000",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8864"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005362"
},
{
"db": "CNVD",
"id": "CNVD-2018-07875"
},
{
"db": "BID",
"id": "103721"
},
{
"db": "IVD",
"id": "e2ebb602-39ab-11e9-ac93-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-138896"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8864",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-100-01",
"trust": 3.4
},
{
"db": "BID",
"id": "103721",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2018-07875",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201805-872",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005362",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2EBB602-39AB-11E9-AC93-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-138896",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2ebb602-39ab-11e9-ac93-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07875"
},
{
"db": "VULHUB",
"id": "VHN-138896"
},
{
"db": "BID",
"id": "103721"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005362"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-872"
},
{
"db": "NVD",
"id": "CVE-2018-8864"
}
]
},
"id": "VAR-201805-0943",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2ebb602-39ab-11e9-ac93-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07875"
},
{
"db": "VULHUB",
"id": "VHN-138896"
}
],
"trust": 1.775
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2ebb602-39ab-11e9-ac93-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07875"
}
]
},
"last_update_date": "2024-11-23T21:38:57.002000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Mass Notification Products",
"trust": 0.8,
"url": "https://www.atisystem.com/products/"
},
{
"title": "Patch for ATI Systems Emergency Mass Notification Systems False Alert Vulnerability (CNVD-2018-07875)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/126155"
},
{
"title": "Multiple Acoustic Product encryption problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83715"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07875"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005362"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-872"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-311",
"trust": 1.1
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138896"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005362"
},
{
"db": "NVD",
"id": "CVE-2018-8864"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-100-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/103721"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8864"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8864"
},
{
"trust": 0.3,
"url": "https://www.atisystem.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07875"
},
{
"db": "VULHUB",
"id": "VHN-138896"
},
{
"db": "BID",
"id": "103721"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005362"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-872"
},
{
"db": "NVD",
"id": "CVE-2018-8864"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2ebb602-39ab-11e9-ac93-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07875"
},
{
"db": "VULHUB",
"id": "VHN-138896"
},
{
"db": "BID",
"id": "103721"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005362"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-872"
},
{
"db": "NVD",
"id": "CVE-2018-8864"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-19T00:00:00",
"db": "IVD",
"id": "e2ebb602-39ab-11e9-ac93-000c29342cb1"
},
{
"date": "2018-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-07875"
},
{
"date": "2018-05-25T00:00:00",
"db": "VULHUB",
"id": "VHN-138896"
},
{
"date": "2018-04-10T00:00:00",
"db": "BID",
"id": "103721"
},
{
"date": "2018-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005362"
},
{
"date": "2018-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-872"
},
{
"date": "2018-05-25T16:29:00.323000",
"db": "NVD",
"id": "CVE-2018-8864"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-07875"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-138896"
},
{
"date": "2018-04-10T00:00:00",
"db": "BID",
"id": "103721"
},
{
"date": "2018-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005362"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-872"
},
{
"date": "2024-11-21T04:14:28.877000",
"db": "NVD",
"id": "CVE-2018-8864"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-872"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ATI Systems Emergency Mass Notification Systems Cryptographic vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005362"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-872"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.