The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory warning organizations worldwide of severe vulnerabilities affecting a range of network management and industrial switch products from Taiwan-based Planet Technology.
The flaws, if left unpatched, could allow remote attackers to take full control of affected devices, manipulate sensitive data, and compromise industrial networks.
High-Impact Vulnerabilities Identified
The vulnerabilities, discovered by security researcher Kev Breen of Immersive Labs, impact several widely deployed Planet Technology products, including UNI-NMS-Lite (versions 1.0b211018 and prior), NMS-500, NMS-1000V, WGS-804HPT-V2 (versions 2.305b250121 and prior), and WGS-4215-8T2S (versions 1.305b241115 and prior).
These products are commonly used in critical manufacturing and industrial environments globally.
CISA’s advisory (ICSA-25-114-06) highlights five major vulnerabilities, each with a CVSS v4 base score of 9.3 or higher, signaling their critical nature:
- OS Command Injection (CVE-2025-46271, CVE-2025-46272): Attackers can exploit improper input handling to execute arbitrary operating system commands on affected devices, potentially gaining full control without authentication.
- Hard-Coded Credentials (CVE-2025-46273, CVE-2025-46274): The use of default, hard-coded usernames and passwords in management interfaces and databases could let attackers log in as administrators, intercept communications, and manipulate device configurations or database entries.
- Missing Authentication for Critical Functions (CVE-2025-46275): Certain switches lack proper authentication, allowing attackers to create new administrator accounts without needing existing credentials.
Potential Impact and Exploitation
Successful exploitation could allow attackers to:
- Read, modify, or delete sensitive device data
- Gain administrative privileges over entire networks of managed devices
- Execute arbitrary commands on device operating systems
- Create unauthorized administrator accounts
- Manipulate or corrupt managed databases
Security researchers warn that internet-exposed devices are particularly at risk, and tools like Shodan and Censys have already identified many potentially vulnerable systems online.
Mitigation and Recommendations
Planet Technology has released patches for all affected products. CISA strongly urges organizations to:
- Apply all vendor-provided updates immediately
- Minimize network exposure by keeping devices off the public internet
- Segregate control system networks from business networks using firewalls
- Use secure, updated VPNs for remote access, recognizing that VPNs themselves must be properly secured
At the time of publication, there have been no reports of public exploitation, but CISA and Immersive Labs stress the urgency of remediation to prevent future attacks.
Organizations observing suspicious activity should follow internal incident response protocols and report findings to CISA for further investigation and correlation.
These vulnerabilities underscore the ongoing risks facing industrial control systems and the importance of prompt patching and network segmentation.
CISA’s advisory serves as a critical reminder for all organizations relying on Planet Technology’s products to act swiftly and bolster their cyber defenses.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant updates
%20(1).webp?w=1200&resize=1200,0&ssl=1&description=The flaws, if left unpatched, could allow remote attackers to take full control of affected devices, manipulate sensitive data.){kind=link}