Planet Technology UNI-NMS-Lite
Moderate fix1 remedy
Moderate fix1 remedy
- <= 1.0b211018
Planet Technology Network Products Command Injection Vulnerability
Vulnerability
Patched
A command injection vulnerability has been identified in certain Planet Technology network products, including UNI-NMS-Lite, NMS-500, NMS-1000V, WGS-804HPT-V2, and WGS-4215-8T2S. This vulnerability allows an unauthenticated attacker to read or manipulate device data. In the case of WGS-804HPT-V2 and WGS-4215-8T2S, the vulnerability could be exploited to execute operating system commands on the host system.
Impact
Exploitation of this vulnerability could lead to unauthorized reading or manipulation of device data. In the case of WGS-804HPT-V2 and WGS-4215-8T2S, it could also allow for arbitrary command execution on the host system.
Remediation
Planet Technology has released patches for all affected products. CISA recommends users take defensive measures to minimize the risk of exploitation, such as reducing network exposure for control system devices, using firewalls to isolate control system networks from business networks, and employing secure remote access methods like VPNs.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
0.0impact
7.5exploitability
7.4remediation
0.0relevance
0.0threat
0.1urgency
2.9incentive
5.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.