CVE-2018-8864

Published May 25, 2018

Last updated 3 days ago

CVSS low 3.1

Overview

Description: In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.
Source: ics-cert@hq.dhs.gov
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 3.1
Impact score: 1.4
Exploitability score: 1.6
Vector string: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Severity: LOW

CVSS 2.0

Type: Primary
Base score: 2.9
Impact score: 2.9
Exploitability score: 5.5
Vector string: AV:A/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

ics-cert@hq.dhs.gov: CWE-311
nvd@nist.gov: CWE-311

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:atisystem:hpss16_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "917E3F8C-C30A-4799-99E2-9D23659CEF1F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:atisystem:hpss16:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FA769624-D010-42FD-ACC4-36F86127809D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:atisystem:hpss32_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69841D28-CC70-495A-9C30-EB26097C1D26"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:atisystem:hpss32:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9943A82F-2505-4312-A50F-F26DD55B6F38"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:atisystem:mhpss_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90785F63-CCB1-4EEF-BC85-691A8AB63172"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:atisystem:mhpss:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0013936B-C5BD-4038-8DB2-E99CF7FD2CC1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:atisystem:alert4000_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "572E2D4A-4F78-44F4-8C4A-D26ACFD2B8FE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:atisystem:alert4000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C6D54DF1-3301-495F-AB14-422FBC9719AC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References