Planet Technology Network Products Command Injection Vulnerability

A command injection vulnerability has been identified in certain Planet Technology network products, specifically the WGS-80HPT-V2 and WGS-4215-8T2S models, all versions through 1.305b241115 for WGS-4215-8T2S and versions through 2.305b250121 for WGS-804HPT-V2. This vulnerability allows an unauthenticated attacker to execute operating system commands on the host system.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of operating system commands, potentially allowing an attacker to manipulate device data or execute malicious actions on the host system.

Remediation

Planet Technology has released patches for the WGS-804HPT-V2 and WGS-4215-8T2S models. Users are advised to update to the latest version. For additional guidance, CISA recommends minimizing network exposure for control system devices, using firewalls to isolate control system networks from business networks, and employing secure remote access methods such as VPNs.