CVE-2018-8864

LOW

ATI Systems - Info Disclosure

Title source: llm

Description

In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/103721

[Mitigation, Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01

Scores

CVSS v3 3.1

EPSS 0.0002

EPSS Percentile 6.6%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-311

Status published

Products (4)

atisystem/alert4000_firmware

atisystem/hpss16_firmware

atisystem/hpss32_firmware

atisystem/mhpss_firmware

Published May 25, 2018

Tracked Since Feb 18, 2026