The Cybersecurity and Infrastructure Security Agency (CISA) has recently issued a critical advisory highlighting multiple high-severity vulnerabilities in network products manufactured by Planet Technology. These vulnerabilities could potentially allow unauthorized attackers to gain administrative control over affected devices without authentication, posing significant risks to industrial control systems globally.
Overview of Identified Vulnerabilities
CISA’s advisory details five critical vulnerabilities, with Common Vulnerability Scoring System (CVSS) v3 scores as high as 9.8, indicating severe security risks. The vulnerabilities are as follows:
1. CVE-2025-46274: This vulnerability involves hard-coded credentials within the UNI-NMS-Lite management system. An unauthenticated attacker with network access could exploit this flaw to read, manipulate, and create entries in the managed database, potentially gaining full control over the network management system and any connected devices. This vulnerability has been assigned a CVSS v3 score of 9.8.
2. CVE-2025-46271: A pre-authentication command injection vulnerability that allows attackers with network access to execute arbitrary commands on the network management system and any connected managed devices. This vulnerability has a CVSS v3 score of 9.1.
3. CVE-2025-46272: This post-authentication operating system command injection vulnerability affects industrial switches, enabling authenticated users to execute arbitrary OS commands as root on the underlying operating system. This vulnerability has a CVSS v3 score of 9.1.
4. CVE-2025-46273: A critical security flaw in the UNI-NMS-Lite network management software, classified under CWE-798: Use of Hard-Coded Credentials. This vulnerability allows unauthenticated attackers to gain administrative control over all devices managed by the NMS. It has a CVSS v3 score of 9.8.
5. CVE-2025-46275: An authentication bypass vulnerability in industrial switches that allows attackers to modify device configurations and create new administrative accounts without requiring existing credentials. This vulnerability has a CVSS v3 score of 9.8.
Potential Impact
Successful exploitation of these vulnerabilities could lead to severe security breaches, including:
– Unauthorized access to sensitive device data.
– Execution of arbitrary commands on the underlying operating system.
– Full administrative control over affected devices and potentially connected systems.
– Creation of unauthorized administrator accounts.
– Manipulation of database entries.
These vulnerabilities are particularly concerning due to their potential impact on critical infrastructure sectors that rely on these devices for operational continuity.
Affected Products
The vulnerabilities impact the following Planet Technology products:
– UNI-NMS-Lite: Versions 1.0b211018 and prior.
– NMS-500: All versions.
– NMS-1000V: All versions.
– WGS-804HPT-V2: Versions 2.305b250121 and prior.
– WGS-4215-8T2S: Versions 1.305b241115 and prior.
These products are widely deployed across various industries, including critical manufacturing, making the vulnerabilities particularly impactful.
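To turn the list above into an inventory check, the following added example (not taken from the CISA advisory or from Planet Technology) compares device firmware strings against the affected ranges. It assumes versions follow the layout `<major>.<minor>b<YYMMDD>` seen in the list and that they order by those three numbers; the inventory rows, hostnames and the model `EXAMPLE-SWITCH` are constructed.

```python
import re

# Affected ranges as listed above. None means "all versions";
# otherwise the value is the last affected version (inclusive).
AFFECTED = {
    "UNI-NMS-Lite": "1.0b211018",
    "NMS-500": None,
    "NMS-1000V": None,
    "WGS-804HPT-V2": "2.305b250121",
    "WGS-4215-8T2S": "1.305b241115",
}

# Assumed version layout: <major>.<minor>b<build date YYMMDD>
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)b(\d{6})$", re.IGNORECASE)

def parse_version(text):
    """Return (major, minor, build) or None if the string does not match."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def classify(model, version):
    """Return 'affected', 'not-affected', 'not-listed' or 'review'."""
    if model not in AFFECTED:
        return "not-listed"
    last_affected = AFFECTED[model]
    if last_affected is None:
        return "affected"      # every version of this product is affected
    parsed = parse_version(version)
    if parsed is None:
        return "review"        # unparseable: check by hand, never assume safe
    return "affected" if parsed <= parse_version(last_affected) else "not-affected"

def audit(inventory):
    """Map each (host, model, version) row to a row with its status appended."""
    return [(host, model, version, classify(model, version))
            for host, model, version in inventory]

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("sw-line1", "WGS-804HPT-V2", "2.305b250121"),
    ("sw-line2", "WGS-804HPT-V2", "2.305b250415"),
    ("sw-pack1", "WGS-4215-8T2S", "1.305b240901"),
    ("nms-01", "NMS-500", "unknown"),
    ("nms-lab", "UNI-NMS-Lite", "1.0-beta"),
    ("sw-office", "EXAMPLE-SWITCH", "2.305b250121"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print("{:10} {:15} {:13} {}".format(*row))
```

A `review` result means the firmware string did not match the assumed layout, so the device should be checked manually against the vendor's release notes.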
Recommendations and Mitigation Measures
Planet Technology has released patches for all affected devices. CISA recommends that organizations take immediate defensive measures to mitigate the risks associated with these vulnerabilities:
1. Update Affected Devices: Apply the patches provided by Planet Technology to all affected devices to remediate the identified vulnerabilities.
2. Minimize Network Exposure: Ensure that control system devices are not accessible from the internet. Limit exposure by configuring firewalls and isolating control system networks from business networks.
3. Implement Secure Remote Access: When remote access is necessary, use secure methods such as Virtual Private Networks (VPNs). Be aware that VPNs may have vulnerabilities and should be updated to the most current version available. Recognize that VPN security is only as strong as the connected devices.
4. Conduct Impact Analysis and Risk Assessment: Before deploying defensive measures, perform proper impact analysis and risk assessment to understand the potential effects on your organization.
5. Monitor and Report: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
By implementing these measures, organizations can significantly reduce the risk of exploitation and enhance the security of their industrial control systems.
Conclusion
The discovery of these critical vulnerabilities in Planet Technology’s network products underscores the importance of proactive cybersecurity measures in protecting industrial control systems. Organizations must remain vigilant, promptly apply security patches, and adhere to best practices to safeguard their infrastructure against potential threats.