OTPulse
FeedAboutContact

ATI Systems Emergency Mass Notification Systems

Monitor5.3ICS-CERT ICSA-18-100-01Apr 10, 2018
Attack VectorAdjacent
Auth RequiredNone
ComplexityHigh
User InteractionNone needed
Summary

ATI Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, ALERT4000) contain authentication and authorization vulnerabilities (CWE-287) in radio command packet handling. An attacker with radio access and high technical skill could craft malicious command packets to trigger false emergency alerts.

What this means
What could happen
An attacker could send specially crafted radio commands to trigger false emergency mass notification alerts, causing public panic, unnecessary emergency response, and loss of trust in the notification system during real emergencies.
Who's at risk
Municipalities and emergency management agencies operating ATI emergency mass notification systems (HPSS16, HPSS32, MHPSS, ALERT4000 models) should assess their exposure. This affects public warning systems that rely on radio-based command transmission to sirens, transmitters, and notification devices.
How it could be exploited
An attacker must have radio access in the system's broadcast range and must craft properly formatted but unauthorized command packets to exploit weak authentication in the command processing logic. This requires knowledge of the radio protocol and packet structure used by the specific ATI system model.
Prerequisites
  • Radio access within broadcast range of the target system
  • Knowledge of ATI radio protocol and command packet format
  • High technical skill to reverse-engineer or obtain protocol documentation
Low authentication enforcement on radio commandsRequires high skill but no public exploits knownAffects critical emergency alerting infrastructureLow EPSS score but safety-relevant outcome
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (4)
4 pending
ProductAffected VersionsFix Status
ATI Emergency Mass Notification Systems - HPSS16HPSS16No fix yet
ATI Emergency Mass Notification Systems - HPSS32HPSS32No fix yet
ATI Emergency Mass Notification Systems - MHPSS, andMHPSSNo fix yet
ATI Emergency Mass Notification Systems - ALERT4000ALERT4000No fix yet
Remediation & Mitigation
0/4
Do now
0/1
HARDENINGPerform network segmentation and access controls on radio systems to limit radio transmission range and monitor for unauthorized command traffic
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HOTFIXRequest the security patch from ATI (currently available upon request; adds authentication to radio command packets)
WORKAROUNDReview and document radio system security architecture; conduct frequency scanning tests to detect unauthorized transmissions
Long-term hardening
0/1
HARDENINGPlan replacement of analog voice radios with digital P-25 (APCO) encrypted radios where feasible to eliminate the vulnerability
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/d91a7f7b-9fd0-47f1-9bfa-1c664238b97f
ATI Systems Emergency Mass Notification Systems | CVSS 5.3 - OTPulse