MOBATIME Network Master Clock - DTS 4801

Act Now9.8ICS-CERT ICSA-24-345-01Dec 10, 2024

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

MOBATIME Network Master Clock DTS 4801 contains a vulnerability that allows an attacker to take control of the device's operating system. The vulnerability affects firmware version FW__00020419.01.02020154. No patch is currently available.

What this means

What could happen

An attacker could gain full control of the network master clock, allowing them to alter time synchronization across critical infrastructure systems or disable time services essential for coordinating operations in the facility.

Who's at risk

Water authorities, electric utilities, and other critical infrastructure operators relying on MOBATIME DTS 4801 network master clocks for time synchronization should assess their exposure. Any facility using this device for centralized timekeeping in SCADA systems, RTU coordination, or event logging is affected.

How it could be exploited

An attacker on the network could send crafted requests to the DTS 4801 without authentication, exploiting the vulnerability to execute arbitrary commands and take over the device operating system. This enables modification of time settings that dependent systems rely on.

Prerequisites

Network access to the DTS 4801 device (no authentication required)
Device must be reachable from the attacker's network segment

Remotely exploitableNo authentication requiredLow complexity attackNo patch currently availableCritical severity (CVSS 9.8)Affects time synchronization in critical operations

Exploitability

Low exploit probability (EPSS 0.3%)

Affected products (1)

ProductAffected VersionsFix Status

Network Master clock - DTS 4801: FW__00020419.01.02020154FW 00020419.01.02020154No fix yet

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGRestrict network access to the DTS 4801 using firewall rules and network segmentation. Ensure the device is not accessible from the internet or untrusted networks.

HARDENINGIsolate the network master clock on a dedicated segment separate from business networks and remote access points.

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGMonitor for and report any suspected malicious activity targeting the device to your security team and CISA.

HOTFIXCheck the MOBATIME homepage regularly for firmware updates when they become available, and apply patches during a maintenance window.

CVEs (1)

CVE-2024-12286

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d9c073a5-60f7-4bbc-a605-d5e57028ce50