Dingtian DT-R002

Monitor5.9ICS-CERT ICSA-23-299-01Oct 26, 2023

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

Authentication bypass vulnerability in Dingtian DT-R002 version 3.1.276A. Successful exploitation allows an attacker to bypass authentication controls. Vulnerability has high attack complexity. Dingtian has not responded to CISA requests for mitigation and no vendor fix is available.

What this means

What could happen

An attacker who bypasses authentication on a DT-R002 device could gain unauthorized access to control functions, potentially allowing them to alter device settings or operations without requiring valid credentials.

Who's at risk

Organizations operating Dingtian DT-R002 devices (version 3.1.276A) should be concerned. These devices are commonly used in industrial automation and control applications. Any facility with an affected device that has network connectivity faces risk if isolation measures are not in place.

How it could be exploited

An attacker with network access to the DT-R002 device would attempt to exploit the authentication bypass. Due to high attack complexity, the attacker would need to meet specific conditions or perform complex manipulation to succeed, but no user interaction is required.

Prerequisites

Network access to the DT-R002 device
Knowledge of specific exploitation technique (attack complexity is high)
Device must be reachable from attacker's network position

Remotely exploitableNo authentication requiredNo patch availableHigh attack complexity

Exploitability

Moderate exploit probability (EPSS 8.2%)

Affected products (1)

ProductAffected VersionsFix Status

DT-R002: 3.1.276A3.1.276ANo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/3

HARDENINGMinimize network exposure for DT-R002 devices by ensuring they are not directly accessible from the internet

HARDENINGPlace DT-R002 devices behind firewalls and isolate from business networks

WORKAROUNDContact Dingtian customer support for alternative mitigation options or workarounds

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGIf remote access to DT-R002 is required, implement VPN with current security patches

CVEs (1)

CVE-2022-29593

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/5feb6ffa-8d00-48b7-b336-5e9f98e1804d