CyberSecurity news
FlagThis
@securityonline.info
//
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning to organizations globally regarding severe vulnerabilities in Planet Technology's network management and industrial switch products. These products are commonly used in critical manufacturing and industrial environments worldwide. The vulnerabilities, discovered by security researcher Kev Breen of Immersive Labs, affect several widely deployed Planet Technology products, including UNI-NMS-Lite, NMS-500, NMS-1000V, WGS-804HPT-V2, and WGS-4215-8T2S.
These critical flaws could allow remote attackers to take full control of affected devices, manipulate sensitive data, and compromise industrial networks. CISA's advisory highlights five major vulnerabilities, each with a CVSS v4 base score of 9.3 or higher. These include OS Command Injection (CVE-2025-46271, CVE-2025-46272), Hard-Coded Credentials (CVE-2025-46273, CVE-2025-46274), and Missing Authentication for Critical Functions (CVE-2025-46275). Exploitation of these vulnerabilities could enable attackers to execute arbitrary commands, gain administrative privileges, manipulate sensitive data, create unauthorized administrator accounts, and corrupt managed databases.
Planet Technology has released patches for all affected products, and CISA strongly urges organizations to apply these updates immediately. It is also recommended to minimize network exposure by keeping devices off the public internet and to segregate control system networks from business networks. Security researchers warn that internet-exposed devices are particularly at risk, and tools like Shodan and Censys have already identified many potentially vulnerable systems online. CISA advises organizations to place critical devices behind firewalls, separate them from business networks and use VPNs for remote access, ensuring they are fully updated.
ImgSrc: securityonline.
References :
These critical flaws could allow remote attackers to take full control of affected devices, manipulate sensitive data, and compromise industrial networks. CISA's advisory highlights five major vulnerabilities, each with a CVSS v4 base score of 9.3 or higher. These include OS Command Injection (CVE-2025-46271, CVE-2025-46272), Hard-Coded Credentials (CVE-2025-46273, CVE-2025-46274), and Missing Authentication for Critical Functions (CVE-2025-46275). Exploitation of these vulnerabilities could enable attackers to execute arbitrary commands, gain administrative privileges, manipulate sensitive data, create unauthorized administrator accounts, and corrupt managed databases.
Planet Technology has released patches for all affected products, and CISA strongly urges organizations to apply these updates immediately. It is also recommended to minimize network exposure by keeping devices off the public internet and to segregate control system networks from business networks. Security researchers warn that internet-exposed devices are particularly at risk, and tools like Shodan and Censys have already identified many potentially vulnerable systems online. CISA advises organizations to place critical devices behind firewalls, separate them from business networks and use VPNs for remote access, ensuring they are fully updated.
ImgSrc: securityonline.
Share:
References :
- Cyber Security News: CISA Issues Warning Over Planet Technology Network Product Flaws
- hackread.com: Immersive security researchers discovered critical vulnerabilities in Planet Technology network management and switch products, allowing full device control.
- securityonline.info: CISA warns of critical vulnerabilities in Planet Technology products
- Talkback Resources: Critical vulnerabilities in industrial switches and network management products by Planet Technology, allowing remote attackers to gain admin privileges, have been disclosed by CISA and patched by the company.
- cyberpress.org: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory warning organizations worldwide of severe vulnerabilities affecting a range of network management and industrial switch products from Taiwan-based Planet Technology.
- securityonline.info: CISA Warns of Critical Vulnerabilities in Planet Technology Products
- hackread.com: Planet Technology Industrial Switch Flaws Risk Full Takeover - Patch Now
Classification:
- HashTags: #PlanetTechnology #ICS #Vulnerability
- Company: Planet Technology
- Target: Industrial organizations
- Product: UNI-NMS-Lite
- Feature: Remote Admin Access
- Type: Vulnerability
- Severity: Critical