3.1

CVE-2018-8864

EPSS 0.02%
Veröffentlicht 25.05.2018 16:29:00
Zuletzt bearbeitet 21.11.2024 04:14:28
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Atisystem ≫ Hpss16 Firmware Version-

Atisystem ≫ Hpss16 Version-

Atisystem ≫ Hpss32 Firmware Version-

Atisystem ≫ Hpss32 Version-

Atisystem ≫ Mhpss Firmware Version-

Atisystem ≫ Mhpss Version-

Atisystem ≫ Alert4000 Firmware Version-

Atisystem ≫ Alert4000 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.037

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.1	1.6	1.4	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	2.9	5.5	2.9	AV:A/AC:M/Au:N/C:N/I:P/A:N

CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

http://www.securityfocus.com/bid/103721

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01

Third Party Advisory

US Government Resource

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2018-8864

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-8864

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-8864

EUVD