Lucene search

IcscertCVE-2018-8862

HistoryMay 25, 2018 - 4:29 p.m.

CVE-2018-8862

2018-05-2516:29:00

CWE-287

icscert

web.nvd.nist.gov

cve-2018-8862

ati systems

emergency mass notification systems

authentication vulnerability

false alarms

CVSS2

2.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:N/I:P/A:N

CVSS3

3.1

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

4.3

Confidence

High

EPSS

0.001

Percentile

19.8%

JSON

In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.

Affected configurations

Nvd

Node

atisystemhpss16_firmwareMatch-

AND

atisystemhpss16Match-

Node

atisystemhpss32_firmwareMatch-

AND

atisystemhpss32Match-

Node

atisystemmhpss_firmwareMatch-

AND

atisystemmhpssMatch-

Node

atisystemalert4000_firmwareMatch-

AND

atisystemalert4000Match-

VendorProductVersionCPE
atisystemhpss16_firmware-cpe:2.3:o:atisystem:hpss16_firmware:-:*:*:*:*:*:*:*
atisystemhpss16-cpe:2.3:h:atisystem:hpss16:-:*:*:*:*:*:*:*
atisystemhpss32_firmware-cpe:2.3:o:atisystem:hpss32_firmware:-:*:*:*:*:*:*:*
atisystemhpss32-cpe:2.3:h:atisystem:hpss32:-:*:*:*:*:*:*:*
atisystemmhpss_firmware-cpe:2.3:o:atisystem:mhpss_firmware:-:*:*:*:*:*:*:*
atisystemmhpss-cpe:2.3:h:atisystem:mhpss:-:*:*:*:*:*:*:*
atisystemalert4000_firmware-cpe:2.3:o:atisystem:alert4000_firmware:-:*:*:*:*:*:*:*
atisystemalert4000-cpe:2.3:h:atisystem:alert4000:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
atisystem	hpss16_firmware	-	cpe:2.3:o:atisystem:hpss16_firmware:-:::::::*
atisystem	hpss16	-	cpe:2.3:h:atisystem:hpss16:-:::::::*
atisystem	hpss32_firmware	-	cpe:2.3:o:atisystem:hpss32_firmware:-:::::::*
atisystem	hpss32	-	cpe:2.3:h:atisystem:hpss32:-:::::::*
atisystem	mhpss_firmware	-	cpe:2.3:o:atisystem:mhpss_firmware:-:::::::*
atisystem	mhpss	-	cpe:2.3:h:atisystem:mhpss:-:::::::*
atisystem	alert4000_firmware	-	cpe:2.3:o:atisystem:alert4000_firmware:-:::::::*
atisystem	alert4000	-	cpe:2.3:h:atisystem:alert4000:-:::::::*

CNA Affected

[
  {
    "product": "Emergency Mass Notification Systems",
    "vendor": "Acoustic Technology, Inc. (ATI Systems)",
    "versions": [
      {
        "status": "affected",
        "version": "The following ATI's Emergency Mass Notification Systems devices are affected: HPSS16, HPSS32, MHPSS, and ALERT4000."
      }
    ]
  }
]

References

www.securityfocus.com/bid/103721

ics-cert.us-cert.gov/advisories/ICSA-18-100-01

CVSS2

2.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:N/I:P/A:N

CVSS3

3.1

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

4.3

Confidence

High

EPSS

0.001

Percentile

19.8%

JSON

Related for CVE-2018-8862