Planet Technology Planet WGS-804HPT

Plan PatchCVSS 9.8ICS-CERT ICSA-24-340-02Dec 5, 2024

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Planet Technology WGS-804HPT network switch contains multiple vulnerabilities (CWE-121 stack buffer overflow, CWE-78 command injection, CWE-191 integer underflow) that allow remote code execution. An unauthenticated attacker with network access to the device can exploit these flaws to execute arbitrary code with device privileges, potentially compromising network integrity and control system communications. Affected firmware versions prior to 1.305b241111.

What this means

What could happen

An attacker who reaches this network switch could run arbitrary code on it, potentially disrupting traffic between your control systems and other network segments, or using it as a foothold to reach other critical devices.

Who's at risk

Organizations operating industrial or municipal network infrastructure should prioritize this issue if they have deployed Planet WGS-804HPT managed switches in control networks. This includes water authorities, power utilities, manufacturing facilities, and other operators of critical infrastructure using this switch model for network management and VLAN segmentation.

How it could be exploited

An attacker with network access to the WGS-804HPT switch (port 502, management interface, or other network service) can send a specially crafted packet that triggers a stack buffer overflow or command injection, allowing remote code execution without authentication.

Prerequisites

Network access to the WGS-804HPT device (direct or routable from attacker's network)
No authentication required to trigger the vulnerability

remotely exploitableno authentication requiredlow complexityaffects industrial network infrastructure

Exploitability

Some exploitation risk — EPSS score 3.0%

Affected products (1)

ProductAffected VersionsFix Status

Planet WGS-804HPT: v1.305b210531v1.305b2105311.305b241111

Remediation & Mitigation

0/4

Do now

0/2

WORKAROUNDRestrict network access to the WGS-804HPT management interface and services to authorized engineering workstations and control system devices only

HARDENINGPlace the WGS-804HPT behind a firewall and do not expose it directly to the internet

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate WGS-804HPT firmware to version 1.305b241111 or later

Long-term hardening

0/1

HARDENINGIf remote access to the WGS-804HPT is required, route it through a VPN or secure jump host rather than exposing the device directly

CVEs (3)

CVE-2024-48871 CVE-2024-52320 CVE-2024-52558

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/19973774-173a-4054-9bbf-6f2146a6ab90

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.