MOBATIME Network Master Clock - DTS 4801

Plan PatchCVSS 9.8ICS-CERT ICSA-24-345-01Dec 10, 2024

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

MOBATIME Network Master Clock DTS 4801 contains a vulnerability (CWE-1392) that allows unauthenticated remote attackers to take control of the device's operating system. The vulnerability affects firmware version FW__00020419.01.02020154 and no patch is currently available from the vendor.

What this means

What could happen

An attacker could remotely take control of the network master clock's operating system, potentially disrupting time synchronization across your facility's control systems, which could cause process synchronization failures, log inconsistencies, and operational downtime.

Who's at risk

Water authorities, electric utilities, and industrial facilities that rely on the MOBATIME DTS 4801 network master clock for time synchronization across SCADA systems, PLCs, RTUs, and other control devices. Facilities with synchronized logging requirements for audit trails and event correlation are also affected.

How it could be exploited

An attacker with network access to the clock can send a specially crafted unauthenticated request to the device, exploiting the OS control vulnerability without needing credentials or user interaction.

Prerequisites

Network access to the DTS 4801 device from an external network or untrusted segment
No authentication required

remotely exploitableno authentication requiredlow complexityhigh CVSS score (9.8)no patch availableunauthenticated network accessaffects time synchronization in safety-critical systems

Exploitability

Unlikely to be exploited — EPSS score 0.4%

Affected products (1)

ProductAffected VersionsFix Status

Network Master clock - DTS 4801: FW__00020419.01.02020154FW 00020419.01.02020154No fix yet

Remediation & Mitigation

0/5

Do now

0/4

WORKAROUNDImmediately restrict network access to the DTS 4801 clock device—allow only trusted control system networks and engineering workstations to reach it via firewall rules. Block all internet-facing access.

HARDENINGIsolate the DTS 4801 and all devices depending on it from your business network (IT network) using a firewall or network segmentation. The clock should only be accessible from your control system network.

WORKAROUNDIf remote access to the DTS 4801 is required for maintenance, implement a VPN connection from a secured, patched engineering workstation and disable the VPN when not in use.

HARDENINGReview and audit all current network connections to the DTS 4801 to identify and remove any unnecessary access paths.

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXMonitor vendor advisories and the MOBATIME homepage for a firmware patch. Contact MOBATIME support to confirm patched firmware availability and timeline.

CVEs (1)

CVE-2024-12286

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d9c073a5-60f7-4bbc-a605-d5e57028ce50

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.