CVE-2024-12286 - Vulnerability Details - OpenCVE

MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

No data.

No data.

No data.

References

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-24-345-01

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.0011}`	epss `{'score': 0.00123}`

Wed, 11 Dec 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 10 Dec 2024 18:00:00 +0000

Type	Values Removed	Values Added
Description		MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials.
Title		MOBATIME Network Master Clock has a use of default credentials vulnerability
Weaknesses		CWE-1392
References		https://www.cisa.gov/news-events/ics-advisories/icsa-24-345-01
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}` cvssV4_0 `{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2024-12-10T17:40:02.566Z

Updated: 2024-12-11T14:13:07.964Z

Reserved: 2024-12-05T21:43:21.355Z

Link: CVE-2024-12286

Vulnrichment

Updated: 2024-12-11T14:13:03.801Z

NVD

Status : Received

Published: 2024-12-10T18:15:27.150

Modified: 2024-12-10T18:15:27.150

Link: CVE-2024-12286

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-12286", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2024-12-05T21:43:21.355Z", "datePublished": "2024-12-10T17:40:02.566Z", "dateUpdated": "2024-12-11T14:13:07.964Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Network Master Clock - DTS 4801", "vendor": "MOBATIME", "versions": [{"status": "affected", "version": "00020419.01.02020154"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Mate Csorba and Zoltan Kato from DNV reported this vulnerability to CISA."}], "datePublic": "2024-12-10T17:10:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials.</span>"}], "value": "MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1392", "description": "CWE-1392 Use of Default Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-12-10T17:40:02.566Z"}, "references": [{"tags": ["government-resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-345-01"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">MOBATIME recommends users update to the latest firmware version from their </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.mobatime.com/resource/282/dts-4801-masterclock\">homepage</a><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n<br>"}], "value": "MOBATIME recommends users update to the latest firmware version from their homepage https://www.mobatime.com/resource/282/dts-4801-masterclock ."}], "source": {"advisory": "ICSA-24-345-01", "discovery": "EXTERNAL"}, "title": "MOBATIME Network Master Clock has a use of default credentials vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-11T14:12:56.145380Z", "id": "CVE-2024-12286", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-11T14:13:07.964Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-12286", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-12-11T14:12:56.145380Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-11T14:13:03.801Z"}}], "cna": {"title": "MOBATIME Network Master Clock has a use of default credentials vulnerability", "source": {"advisory": "ICSA-24-345-01", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Mate Csorba and Zoltan Kato from DNV reported this vulnerability to CISA."}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "MOBATIME", "product": "Network Master Clock - DTS 4801", "versions": [{"status": "affected", "version": "00020419.01.02020154"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "MOBATIME recommends users update to the latest firmware version from their homepage https://www.mobatime.com/resource/282/dts-4801-masterclock .", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">MOBATIME recommends users update to the latest firmware version from their </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.mobatime.com/resource/282/dts-4801-masterclock\">homepage</a><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n<br>", "base64": false}]}], "datePublic": "2024-12-10T17:10:00.000Z", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-345-01", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1392", "description": "CWE-1392 Use of Default Credentials"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-12-10T17:40:02.566Z"}}}, "cveMetadata": {"cveId": "CVE-2024-12286", "state": "PUBLISHED", "dateUpdated": "2024-12-11T14:13:07.964Z", "dateReserved": "2024-12-05T21:43:21.355Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2024-12-10T17:40:02.566Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials."}], "id": "CVE-2024-12286", "lastModified": "2024-12-10T18:15:27.150", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2024-12-10T18:15:27.150", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-345-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1392"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}