OTPulse

Network Time Protocol Vulnerabilities

Act Now | ICS-CERT ICSA-14-353-01C | Sep 21, 2014
Summary

Multiple vulnerabilities exist in NTP implementations across industrial devices and embedded systems. The issues include weak random number generation (CWE-331, CWE-338), buffer overflows (CWE-121), improper input validation (CWE-703), and insufficient authentication mechanisms (CWE-290). These affect Siemens ROX controllers, Meinberg LANTIME time servers, Innominate mGuard firewalls, Arbiter clock products, VxWorks operating systems, and Wind River Linux deployments. Attackers can spoof NTP time values, corrupt system clocks, or execute code on vulnerable platforms by sending crafted NTP packets to UDP port 123.

What this means
What could happen
Multiple critical vulnerabilities in NTP implementations could allow attackers to corrupt or spoof time data, disrupting synchronization across PLCs, RTUs, and safety systems that depend on accurate time for logging, sequencing, and interlocks. Time manipulation could also enable attackers to bypass time-based security controls and authentication mechanisms.
Who's at risk
Water and electric utilities relying on Siemens ROX controllers, Meinberg LANTIME time servers, Innominate mGuard firewalls, Arbiter clock products, or any systems running VxWorks or Wind River Linux for synchronized operations. Any industrial device or PLC that depends on system time for process control, event logging, or safety interlocks is at risk.
How it could be exploited
An attacker with network access to the NTP port (UDP 123) on affected devices can send malformed NTP packets or act as a rogue NTP server. By exploiting the underlying weaknesses (weak random number generation, buffer overflows, improper input validation), the attacker can corrupt the system clock, inject false time values, or execute code with system privileges on vulnerable systems like VxWorks and WR Linux.
Prerequisites
  • Network access to UDP port 123 (NTP service)
  • Device must be configured to use NTP for time synchronization
  • No authentication required for basic time spoofing exploitation
Risk factors
  • Remotely exploitable via UDP 123
  • No authentication required for time spoofing
  • Low complexity exploit
  • High EPSS score (57.3%)
  • No patches available for most affected products
  • Affects safety-critical time synchronization
  • Weak random number generation and buffer overflow issues
Exploitability
High exploit probability (EPSS 57.3%)
Affected products (13)
1 pending, 12 EOL

| Product | Affected Versions | Fix Status |
|---|---|---|
| Wind River System VxWorks | 6.9 | No fix yet |
| Arbiter Systems Clock products using the network card | All versions | No fix (EOL) |
| Innominate mGuard Firmware | 7.0 | No fix (EOL) |
| Meinberg LANTIME Firmware | <V6.16.007 | No fix (EOL) |
| Meinberg NTP V4.x | <4.2.8 | No fix (EOL) |
| Siemens ROX 2 | <ROX 2.6.2 | No fix (EOL) |
| Siemens ROX 1 | All versions | No fix (EOL) |
| Wind River System VxWorks | 7 | No fix (EOL) |

Remediation & Mitigation
Do now
  • HARDENING: Disable NTP on devices where time synchronization is not operationally necessary
  • HARDENING: Restrict NTP traffic to authorized time servers using firewall rules; whitelist only known good NTP sources by IP address
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Implement NTP rate limiting and authentication (NTP symmetric key or MD5) to reduce exposure to spoofing
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Arbiter Systems Clock products using the network card: vers:all/*, Innominate mGuard Firmware: 7.0, Meinberg LANTIME Firmware: <V6.16.007, Meinberg NTP V4.x: <4.2.8, Siemens ROX 2: <ROX_2.6.2, Siemens ROX 1: vers:all/*, Wind River System VxWorks: 7, Wind River System WR Linux: 4.3.0.X, Innominate mGuard Firmware: 8.0, Wind River System WR Linux: 5.0.1.x, Wind River System WR Linux: 6.0.0.x, Wind River System WR Linux: 7.0.0.x. Apply the following compensating controls:
  • HARDENING: Segment NTP services onto a dedicated network or VLAN if possible to limit attacker reachability
  • HARDENING: Monitor system time drift and alert on anomalous NTP behavior or time jumps
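
The source allowlisting and time-jump monitoring controls above can be combined in one passive check on NTP replies. The sketch below is an added example, not part of the advisory or any vendor tooling; the allowlisted addresses, the 2-second threshold, and the sample packets are constructed assumptions.

```python
import struct
from ipaddress import ip_address

NTP_EPOCH_DELTA = 2208988800  # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)
ALLOWED_SERVERS = {ip_address("10.20.0.5"), ip_address("10.20.0.6")}  # assumed site servers
MAX_STEP_SECONDS = 2.0  # assumed alert threshold for a time jump

def build_reply(transmit_unix, stratum=2, mode=4):
    """Construct a sample 48-byte NTPv4 packet (test data, not captured traffic)."""
    first = (0 << 6) | (4 << 3) | mode  # LI=0, VN=4, mode in the low 3 bits
    secs = int(transmit_unix) + NTP_EPOCH_DELTA
    frac = int((transmit_unix % 1) * 2**32)
    return struct.pack("!BBbb11I", first, stratum, 6, -20, *([0] * 9), secs, frac)

def check_reply(src_ip, packet, local_unix):
    """Return a list of alert strings for one NTP packet received from src_ip."""
    alerts = []
    if ip_address(src_ip) not in ALLOWED_SERVERS:
        alerts.append("source not on allowlist")
    if len(packet) < 48:
        return alerts + ["truncated packet"]
    mode, stratum = packet[0] & 0x07, packet[1]
    if mode != 4:  # a client should only ever receive server-mode replies
        alerts.append(f"unexpected mode {mode}")
    if stratum == 0 or stratum > 15:  # 0 = kiss-o'-death, 16 = unsynchronized
        alerts.append(f"unusable stratum {stratum}")
    secs, frac = struct.unpack("!II", packet[40:48])  # transmit timestamp field
    # Crude offset: ignores network delay, which is far below the threshold on a LAN.
    offset = (secs - NTP_EPOCH_DELTA + frac / 2**32) - local_unix
    if abs(offset) > MAX_STEP_SECONDS:
        alerts.append(f"time jump {offset:+.1f}s")
    return alerts

NOW = 1411300000.0  # constructed local clock reading
SAMPLES = [  # (source address, packet) pairs, all constructed
    ("10.20.0.5", build_reply(NOW + 0.01)),      # normal reply
    ("192.0.2.77", build_reply(NOW + 0.02)),     # reply from an unknown server
    ("10.20.0.6", build_reply(NOW + 86400)),     # clock pushed one day ahead
    ("10.20.0.5", build_reply(NOW, stratum=16)), # server claims to be unsynchronized
]

def scan(samples, local_unix=NOW):
    """Check every (source, packet) pair against the same local clock reading."""
    return [(src, check_reply(src, pkt, local_unix)) for src, pkt in samples]

if __name__ == "__main__":
    for src, alerts in scan(SAMPLES):
        print(src, alerts or "ok")
```

In deployment the packets would come from a span port or the device's own NTP client log, and the local clock reading should come from a source independent of the NTP servers being checked.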