Details of VAR-201805-0943

ID

VAR-201805-0943

CVE

CVE-2018-8864

TITLE

plural ATI Systems Emergency Mass Notification Systems Cryptographic vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-005362

DESCRIPTION

In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms. plural ATI Systems Emergency Mass Notification Systems The device contains cryptographic vulnerabilities.Information may be tampered with. 1. An authentication bypass vulnerability 2. A security-bypass vulnerability Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Acoustic HPSS16 and so on are the emergency reporting systems of Acoustic Technology Company in the United States. An encryption issue vulnerability exists in several Acoustic products due to the program's failure to encrypt sensitive data. The following products are affected: Acoustic HPSS16; HPSS32; MHPSS; ALERT4000

Trust: 2.7

sources: NVD: CVE-2018-8864 // JVNDB: JVNDB-2018-005362 // CNVD: CNVD-2018-07875 // BID: 103721 // IVD: e2ebb602-39ab-11e9-ac93-000c29342cb1 // VULHUB: VHN-138896

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2ebb602-39ab-11e9-ac93-000c29342cb1 // CNVD: CNVD-2018-07875

AFFECTED PRODUCTS

vendor:	atisystem	model:	hpss32	scope:	eq	version:	-	Trust: 1.6
vendor:	atisystem	model:	hpss16	scope:	eq	version:	-	Trust: 1.6
vendor:	atisystem	model:	alert4000	scope:	eq	version:	-	Trust: 1.6
vendor:	atisystem	model:	mhpss	scope:	eq	version:	-	Trust: 1.6
vendor:	ati	model:	alert4000	scope:	-	version:	-	Trust: 0.8
vendor:	ati	model:	hpss16	scope:	-	version:	-	Trust: 0.8
vendor:	ati	model:	hpss32	scope:	-	version:	-	Trust: 0.8
vendor:	ati	model:	mhpss	scope:	-	version:	-	Trust: 0.8
vendor:	ati	model:	systems hpss16	scope:	-	version:	-	Trust: 0.6
vendor:	ati	model:	systems hpss32	scope:	-	version:	-	Trust: 0.6
vendor:	ati	model:	systems mhpss	scope:	-	version:	-	Trust: 0.6
vendor:	ati	model:	systems alert4000	scope:	-	version:	-	Trust: 0.6
vendor:	ati	model:	systems mhpss	scope:	eq	version:	0	Trust: 0.3
vendor:	ati	model:	systems hpss32	scope:	eq	version:	0	Trust: 0.3
vendor:	ati	model:	systems hpss16	scope:	eq	version:	0	Trust: 0.3
vendor:	ati	model:	systems alert4000	scope:	eq	version:	0	Trust: 0.3
vendor:	ati	model:	systems hpss16	scope:	eq	version:	*	Trust: 0.2
vendor:	ati	model:	systems hpss32	scope:	eq	version:	*	Trust: 0.2
vendor:	ati	model:	systems mhpss	scope:	eq	version:	*	Trust: 0.2
vendor:	ati	model:	systems alert4000	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2ebb602-39ab-11e9-ac93-000c29342cb1 // CNVD: CNVD-2018-07875 // BID: 103721 // JVNDB: JVNDB-2018-005362 // CNNVD: CNNVD-201805-872 // NVD: CVE-2018-8864

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-8864
value:	LOW
Trust: 1.0
NVD:	CVE-2018-8864
value:	LOW
Trust: 0.8
CNVD:	CNVD-2018-07875
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201805-872
value:	LOW
Trust: 0.6
IVD:	e2ebb602-39ab-11e9-ac93-000c29342cb1
value:	LOW
Trust: 0.2
VULHUB:	VHN-138896
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-8864
severity:	LOW
baseScore:	2.9
vectorString:	AV:A/AC:M/AU:N/C:N/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	5.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-07875
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:A/AC:H/AU:N/C:N/I:C/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	3.2
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2ebb602-39ab-11e9-ac93-000c29342cb1
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:A/AC:H/AU:N/C:N/I:C/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	3.2
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-138896
severity:	LOW
baseScore:	2.9
vectorString:	AV:A/AC:M/AU:N/C:N/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	5.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-8864
baseSeverity:	LOW
baseScore:	3.1
vectorString:	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: IVD: e2ebb602-39ab-11e9-ac93-000c29342cb1 // CNVD: CNVD-2018-07875 // VULHUB: VHN-138896 // JVNDB: JVNDB-2018-005362 // CNNVD: CNNVD-201805-872 // NVD: CVE-2018-8864

PROBLEMTYPE DATA

problemtype:	CWE-311	Trust: 1.1
problemtype:	CWE-310	Trust: 0.9

sources: VULHUB: VHN-138896 // JVNDB: JVNDB-2018-005362 // NVD: CVE-2018-8864

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201805-872

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201805-872

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005362

PATCH

title:	Mass Notification Products	url:	https://www.atisystem.com/products/	Trust: 0.8
title:	Patch for ATI Systems Emergency Mass Notification Systems False Alert Vulnerability (CNVD-2018-07875)	url:	https://www.cnvd.org.cn/patchInfo/show/126155	Trust: 0.6
title:	Multiple Acoustic Product encryption problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83715	Trust: 0.6

sources: CNVD: CNVD-2018-07875 // JVNDB: JVNDB-2018-005362 // CNNVD: CNNVD-201805-872

EXTERNAL IDS

db:	NVD	id:	CVE-2018-8864	Trust: 3.6
db:	ICS CERT	id:	ICSA-18-100-01	Trust: 3.4
db:	BID	id:	103721	Trust: 2.0
db:	CNVD	id:	CNVD-2018-07875	Trust: 0.8
db:	CNNVD	id:	CNNVD-201805-872	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-005362	Trust: 0.8
db:	IVD	id:	E2EBB602-39AB-11E9-AC93-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-138896	Trust: 0.1

sources: IVD: e2ebb602-39ab-11e9-ac93-000c29342cb1 // CNVD: CNVD-2018-07875 // VULHUB: VHN-138896 // BID: 103721 // JVNDB: JVNDB-2018-005362 // CNNVD: CNNVD-201805-872 // NVD: CVE-2018-8864

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-100-01	Trust: 3.4
url:	http://www.securityfocus.com/bid/103721	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8864	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-8864	Trust: 0.8
url:	https://www.atisystem.com/	Trust: 0.3

sources: CNVD: CNVD-2018-07875 // VULHUB: VHN-138896 // BID: 103721 // JVNDB: JVNDB-2018-005362 // CNNVD: CNNVD-201805-872 // NVD: CVE-2018-8864

CREDITS

Balint Seeber of Bastille

Trust: 0.3

sources: BID: 103721

SOURCES

db:	IVD	id:	e2ebb602-39ab-11e9-ac93-000c29342cb1
db:	CNVD	id:	CNVD-2018-07875
db:	VULHUB	id:	VHN-138896
db:	BID	id:	103721
db:	JVNDB	id:	JVNDB-2018-005362
db:	CNNVD	id:	CNNVD-201805-872
db:	NVD	id:	CVE-2018-8864

LAST UPDATE DATE

2024-11-23T21:38:57.002000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-07875	date:	2018-04-19T00:00:00
db:	VULHUB	id:	VHN-138896	date:	2019-10-09T00:00:00
db:	BID	id:	103721	date:	2018-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2018-005362	date:	2018-07-13T00:00:00
db:	CNNVD	id:	CNNVD-201805-872	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-8864	date:	2024-11-21T04:14:28.877

SOURCES RELEASE DATE

db:	IVD	id:	e2ebb602-39ab-11e9-ac93-000c29342cb1	date:	2018-04-19T00:00:00
db:	CNVD	id:	CNVD-2018-07875	date:	2018-04-19T00:00:00
db:	VULHUB	id:	VHN-138896	date:	2018-05-25T00:00:00
db:	BID	id:	103721	date:	2018-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2018-005362	date:	2018-07-13T00:00:00
db:	CNNVD	id:	CNNVD-201805-872	date:	2018-05-25T00:00:00
db:	NVD	id:	CVE-2018-8864	date:	2018-05-25T16:29:00.323