PatchSiren cyber security CVE debrief
CVE-2024-12286 MOBATIME CVE debrief
The MOBATIME Network Master Clock DTS 4801 contains a critical vulnerability (CVSS 9.8) that allows remote attackers to gain initial access via SSH using default credentials. This represents a classic insecure default configuration issue in industrial control systems. The vulnerability was disclosed by CISA on December 10, 2024, and affects firmware version FW__00020419.01.02020154. Attackers with network access can exploit this without any prior privileges or user interaction, gaining full administrative control over the device with complete confidentiality, integrity, and availability impact. The vendor has released updated firmware to address this issue. Organizations should immediately change default credentials, restrict SSH access to trusted networks, and apply the vendor's firmware update.
- Vendor: MOBATIME
- Product: Network Master clock - DTS 4801
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-12-10
- Original CVE updated: 2024-12-10
- Advisory published: 2024-12-10
- Advisory updated: 2024-12-10
Who should care
Organizations using MOBATIME DTS 4801 master clocks for time synchronization in industrial control systems, healthcare facilities, transportation systems, financial trading floors, or enterprise networks. Security teams responsible for OT/ICS infrastructure, network administrators managing time synchronization services, and compliance officers concerned with NERC CIP or similar standards requiring accurate time stamping.
Technical summary
The MOBATIME DTS 4801 Network Master Clock ships with default SSH credentials that remain unchanged in deployed environments. An attacker with network connectivity can authenticate via SSH without prior access, obtaining administrative control. The device functions as a time synchronization master clock in industrial and enterprise environments, making it a high-value target for lateral movement or disruption of time-dependent operations. The vulnerability is remotely exploitable with low attack complexity, requiring no user interaction or privileges.
Defensive priority
critical
Recommended defensive actions
- Immediately change default SSH credentials on all MOBATIME DTS 4801 devices; restrict SSH access to management networks only using firewall rules or network segmentation; apply the latest firmware update from MOBATIME's;
- Monitor SSH authentication logs for unauthorized access attempts; implement network monitoring for anomalous SSH connections to clock infrastructure; review and rotate any credentials that may have been compromised
- Conduct inventory of all MOBATIME DTS 4801 deployments to ensure comprehensive coverage; verify firmware versions against vendor guidance; document all credential changes and access control implementations
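The monitoring and segmentation actions above can be checked against network flow data. The following is an added example, not part of the advisory or any vendor tooling: it flags SSH connections to inventoried clock addresses that originate outside the management network. The subnet, clock addresses, the use of port 22, and the flow records are all constructed assumptions.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumptions (constructed for this example, not taken from the advisory):
MGMT_NETS = [ip_network("10.20.0.0/24")]   # networks allowed to SSH to clocks
CLOCKS = {ip_address("10.50.1.10"), ip_address("10.50.1.11")}  # inventoried DTS 4801 units
SSH_PORT = 22                               # assumes SSH on its default port

# Constructed flow records: time, source, destination, destination port
SAMPLE_FLOWS = """\
2024-12-11T08:00:01Z,10.20.0.5,10.50.1.10,22
2024-12-11T08:03:17Z,10.30.4.77,10.50.1.10,22
2024-12-11T08:03:19Z,10.30.4.77,10.50.1.11,22
2024-12-11T08:05:00Z,10.30.4.77,10.50.1.10,123
2024-12-11T08:09:42Z,192.0.2.44,10.50.1.11,22
2024-12-11T08:10:00Z,10.20.0.9,10.60.2.2,22
"""

def unexpected_ssh(flows_csv, clocks=CLOCKS, mgmt_nets=MGMT_NETS):
    """Return flows reaching a clock's SSH port from outside the management networks."""
    findings = []
    for row in csv.reader(io.StringIO(flows_csv)):
        if len(row) != 4:
            continue  # skip blank or malformed records
        ts, src, dst, dport = row
        src_ip, dst_ip = ip_address(src), ip_address(dst)
        if dst_ip not in clocks or int(dport) != SSH_PORT:
            continue  # not SSH to an inventoried clock
        if any(src_ip in net for net in mgmt_nets):
            continue  # expected management traffic
        findings.append({"time": ts, "src": src, "dst": dst})
    return findings

def summarize(findings):
    """Group findings by source so one host touching several clocks stands out."""
    by_src = {}
    for f in findings:
        by_src.setdefault(f["src"], set()).add(f["dst"])
    return {src: sorted(dsts) for src, dsts in by_src.items()}

if __name__ == "__main__":
    for src, dsts in summarize(unexpected_ssh(SAMPLE_FLOWS)).items():
        print(f"{src} -> SSH to clock(s): {', '.join(dsts)}")
```

Any finding means either the firewall rule restricting SSH to the management network is missing or the inventory of management hosts is incomplete; both warrant follow-up.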
Evidence notes
CISA ICS advisory ICSA-24-345-01 confirms this vulnerability affects MOBATIME Network Master Clock DTS 4801 with firmware FW__00020419.01.02020154. The advisory explicitly states the attack vector is SSH with default credentials, exploitable over the network with low attack complexity and no privileges required. CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H confirms critical severity.
Official resources
- CVE-2024-12286 CVE record (CVE.org)
- CVE-2024-12286 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2024-12-10