Planet Technology Network Products

Act NowCVSS 9.8ICS-CERT ICSA-25-114-06Apr 24, 2025

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Planet Technology network management and switching products contain multiple critical vulnerabilities including hardcoded credentials (CWE-798), OS command injection (CWE-78), and missing access controls (CWE-306). These flaws affect managed Ethernet switches (WGS-804HPT-V2, WGS-4215-8T2S) and network management platforms (UNI-NMS-Lite, NMS-500, NMS-1000V). Successful exploitation allows an attacker to read or modify device data, gain administrative privileges, alter database entries, and execute arbitrary commands. Some products are end-of-life with no fix planned; others may have patches available but version information is not specified in the remediation text provided.

What this means

What could happen

An attacker with network access could read sensitive device data, manipulate configuration or process parameters, gain administrative control, or alter system databases on these network devices. This could lead to unauthorized changes to network topology, data exfiltration, or disruption of connectivity for monitoring and control systems.

Who's at risk

Network administrators and operators at utilities and industrial sites that rely on Planet Technology managed network switches (WGS-804HPT-V2, WGS-4215-8T2S) and network management systems (UNI-NMS-Lite, NMS-500, NMS-1000V) for Ethernet switch management, network monitoring, and data collection. These devices are commonly deployed in water treatment, power distribution, and manufacturing environments to manage network infrastructure.

How it could be exploited

An attacker on the network can send specially crafted requests to the web interface or management port of affected devices without authentication. The vulnerabilities (hardcoded credentials, OS command injection, and missing access controls) allow the attacker to execute arbitrary commands, read/modify data, or escalate privileges to gain full administrative control.

Prerequisites

Network access to the device's management interface (web port or SSH)
No valid credentials required
Device must be reachable from the attacker's network segment

Remotely exploitableNo authentication requiredLow complexityHigh CVSS (9.8)High EPSS score (15.3%)No patch available for some productsDefault or hardcoded credentials in use

Exploitability

Likely to be exploited — EPSS score 15.3%

Public Proof-of-Concept (PoC) on GitHub (1 repository)

Affected products (5)

2 pending3 EOL

ProductAffected VersionsFix Status

WGS-804HPT-V2: <=2.305b250121≤ 2.305b250121No fix yet

WGS-4215-8T2S: <=1.305b241115≤ 1.305b241115No fix yet

UNI-NMS-Lite: <=1.0b211018≤ 1.0b211018No fix (EOL)

NMS-500: vers:all/*All versionsNo fix (EOL)

NMS-1000V: vers:all/*All versionsNo fix (EOL)

Remediation & Mitigation

0/6

Do now

0/2

WORKAROUNDRestrict network access to the management interfaces of all affected devices to only authorized administrative workstations using firewall rules

WORKAROUNDDisable or isolate the WGS-804HPT-V2 and WGS-4215-8T2S devices if patches are unavailable and they are not critical to operations

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate WGS-804HPT-V2 to the latest patched firmware version available from Planet Technology

HOTFIXUpdate WGS-4215-8T2S to the latest patched firmware version available from Planet Technology

Mitigations - no patch available

0/2

The following products have reached End of Life with no planned fix: UNI-NMS-Lite: <=1.0b211018, NMS-500: vers:all/*, NMS-1000V: vers:all/*. Apply the following compensating controls:

HARDENINGPlace all network management devices (WGS, UNI-NMS, NMS) behind a firewall and on a separate management network isolated from production control networks

HARDENINGImplement require VPN or jump-box authentication for any remote access to these devices; ensure VPN is configured with strong encryption and kept current with vendor updates

CVEs (5)

CVE-2025-46271 CVE-2025-46272 CVE-2025-46273 CVE-2025-46274 CVE-2025-46275

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/cabe9791-5fa5-445c-994a-ef9a633fb02b

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.