Industrial switches and network management products made by Taiwan-based Planet Technology are facing serious cybersecurity risks after the discovery of multiple critical vulnerabilities.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent advisory last week. It highlighted five major flaws in Planet Technology’s UNI-NMS-Lite, NMS-500, and NMS-1000V systems, as well as the WGS-804HPT-V2 and WGS-4215-8T2S switches. Each vulnerability received a critical severity rating, signaling a major threat to network security.
Attackers could exploit these vulnerabilities without needing to log in. They could use hardcoded credentials to take admin control, create admin accounts without verification, and launch command injection attacks. Such attacks could allow them to run dangerous system commands or access and tamper with sensitive device data.
CISA warned that these switches are widely deployed across the globe, including in the critical manufacturing sector, increasing the potential impact of any exploitation.
Cybersecurity researcher Kevin Breen, from Immersive Labs, discovered the flaws. He shared technical details the day after CISA’s advisory went public. Breen explained how he found the vulnerabilities and revealed that a Censys search exposed hundreds, possibly thousands, of vulnerable Planet Technology devices openly accessible online.
The discovery stemmed from Breen’s deeper investigation into earlier vulnerabilities reported by industrial cybersecurity firm Claroty last year. His research revealed even more dangerous weaknesses in Planet Technology’s products.
Fortunately, Planet Technology acted swiftly. After receiving a report from CISA on March 6, the company rolled out patches on April 16 to fix the issues. As of now, CISA says there is no evidence that hackers have exploited these vulnerabilities in the wild. However, experts warn that now that details are public, organizations should move quickly to apply the patches and secure their systems.
