Dingtian DT-R002
Monitor | CVSS 7.5 | ICS-CERT ICSA-25-268-01 | Sep 25, 2025
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The Dingtian DT-R002 contains a credential exposure vulnerability (CWE-522) that allows an attacker to retrieve valid credentials from the device over the network without authentication. The vulnerability is reachable via HTTP (TCP/80) and the Dingtian Protocol (UDP/60000 and UDP/60001). Dingtian has not committed to providing a security fix. CVSS score 7.5 (high).
What this means
What could happen
An attacker who reaches the DT-R002 device over the network can steal valid credentials without needing to log in, potentially gaining access to the device's control functions or the broader control system.
Who's at risk
Water utilities and municipal electric systems using Dingtian DT-R002 remote terminal units (RTUs) or similar industrial communication devices are affected. Any organization relying on this device for SCADA or distributed control system operations should review network exposure.
How it could be exploited
An attacker with network access to the DT-R002 can send HTTP requests (port 80) or Dingtian Protocol messages (UDP ports 60000–60001) to retrieve stored credentials from the device without authentication.
Prerequisites
- Network access to TCP port 80 (HTTP)
- Network access to UDP ports 60000 or 60001 (Dingtian Protocol)
- No credentials required
Tags: remotely exploitable, no authentication required, low complexity, no patch available, credentials exposed
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product | Affected Versions | Fix Status
DT-R002: vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to TCP port 80 (HTTP) on the DT-R002 device; allow only trusted engineering workstations or control system networks.
- WORKAROUND: Restrict network access to UDP ports 60000 and 60001 (Dingtian Protocol) on the DT-R002 device; allow only trusted control system devices.
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Contact Dingtian customer support to inquire about available firmware updates or workarounds, and request status on vendor security fix plans.
Mitigations - no patch available
DT-R002: vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Isolate the DT-R002 and any connected control system network from the business network using a firewall or air-gap.
- HARDENING: Ensure the DT-R002 is not accessible from the internet; verify firewall rules block inbound access from external networks.
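One way to verify that the workarounds and hardening steps above are actually in effect is to audit firewall flow logs for accepted traffic to the DT-R002 on TCP/80, UDP/60000 or UDP/60001 from sources outside the trusted set. This is an added example, not part of the advisory; the device address, allowlist, internal ranges and log format are assumptions to be replaced with site values.

```python
import ipaddress

# Ports named in the advisory: HTTP and the Dingtian Protocol.
EXPOSED = {("tcp", 80), ("udp", 60000), ("udp", 60001)}

# Assumed site values (placeholders, not from the advisory).
DEVICES = {ipaddress.ip_address("10.20.0.50")}        # DT-R002 units
ALLOWED = [ipaddress.ip_network("10.20.0.0/28")]      # trusted workstations / control devices
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records, one per line: "src dst proto dport action".
SAMPLE_FLOWS = """\
10.20.0.5 10.20.0.50 tcp 80 ACCEPT
10.20.0.9 10.20.0.50 udp 60001 ACCEPT
192.168.40.17 10.20.0.50 tcp 80 ACCEPT
192.168.40.17 10.20.0.50 udp 60000 DROP
203.0.113.8 10.20.0.50 udp 60000 ACCEPT
10.20.0.5 10.20.0.50 tcp 502 ACCEPT
garbage line
"""

def audit(flow_text):
    """Return (findings, skipped_lines).

    A finding is an ACCEPTed flow to a DT-R002 on an exposed port whose
    source is not allowlisted. Sources outside INTERNAL are tagged
    "external" (the device is reachable from outside the site).
    """
    findings, skipped = [], 0
    for line in flow_text.splitlines():
        parts = line.split()
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
            proto, dport, action = parts[2].lower(), int(parts[3]), parts[4].upper()
        except (IndexError, ValueError):
            skipped += 1          # malformed record: count it, do not guess
            continue
        if dst not in DEVICES or (proto, dport) not in EXPOSED or action != "ACCEPT":
            continue
        if any(src in net for net in ALLOWED):
            continue
        kind = "internal-untrusted" if any(src in n for n in INTERNAL) else "external"
        findings.append((kind, str(src), proto, dport))
    return findings, skipped
```

Any "external" finding means the internet-isolation control has failed; "internal-untrusted" findings point to a missing segmentation rule between the business and control networks.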
CVEs (2)