CISA Warns Planet Technology Network Products Let Attackers Manipulate Devices

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory warning of multiple high-severity vulnerabilities in Planet Technology network products that could allow attackers to gain administrative control over affected devices without authentication. 

The advisory details five vulnerabilities with CVSS scores as high as 9.8, indicating critical security risks to industrial control systems worldwide.

Significant ICS Vulnerabilities Discovered

The most severe vulnerability (CVE-2025-46274) involves hard-coded credentials in the UNI-NMS-Lite management system that could allow an unauthenticated attacker to read, manipulate, and create entries in the managed database. 

With a CVSS v3 score of 9.8, this vulnerability poses an immediate threat to affected organizations.

“The NMS uses hard-coded credentials for the underlying Mongo database. Additionally, the Mongo service isn’t restricted to the local host, meaning an attacker with network access can gain full control over the NMS software and any connected managed devices,” explained researchers in their disclosure.

Another critical vulnerability (CVE-2025-46271) involves a pre-auth command injection vulnerability that allows attackers with network access to gain full control over the network management system and any connected managed devices. 

Similarly, CVE-2025-46272 affects the industrial switches, enabling attackers to execute arbitrary OS commands as root on the underlying operating system.

CVE-2025-46273 is a critical security flaw (CVSS v3: 9.8) in Planet Technology’s UNI-NMS-Lite network management software, classified under CWE-798: Use of Hard-Coded Credentials. 

This vulnerability allows unauthenticated attackers to gain administrative control over all devices managed by the NMS.

Additionally, CVE-2025-46275, which presents an authentication bypass vulnerability in the industrial switches, allows attackers to modify device configurations and create new administrative accounts without requiring existing credentials.

“Successful exploitation of these vulnerabilities could allow an attacker to read or manipulate device data, gain administrative privileges, or alter database entries,” CISA warned in its advisory.

Security researcher Kev Breen of Immersive Labs discovered the vulnerabilities, which affect Planet Technology’s network management systems and industrial switches. 

CVEs	Affected Products	Impact	Exploit Prerequisites	CVSS 3.1 Score
CVE-2025-46271	UNI-NMS-Lite	Execute OS commands, read/manipulate device data	Remote network access	9.1 (Critical)
CVE-2025-46272	WGS-804HPT-V2, WGS-4215-8T2S	Root-level OS command execution on host system	Remote network access	9.1 (Critical)
CVE-2025-46273	UNI-NMS-Lite, NMS-500, NMS-1000V	Gain administrative privileges on all managed devices	Network access to MongoDB service	9.8(Critical)
CVE-2025-46274	UNI-NMS-Lite, NMS-500, NMS-1000V	Read/manipulate/create database entries	Network access to MongoDB service	9.8(Critical)
CVE-2025-46275	WGS-804HPT-V2, WGS-4215-8T2S	Create admin accounts without authentication	Access to device management interface	9.8(Critical)

Affected Products

According to the CISA advisory, the affected products include UNI-NMS-Lite (versions 1.0b211018 and prior), NMS-500 (all versions), NMS-1000V (all versions), WGS-804HPT-V2 (versions 2.305b250121 and prior), and WGS-4215-8T2S (versions 1.305b241115 and prior).

Planet Technology has released patches for all affected devices. CISA recommends that organizations take immediate defensive measures, including:

• Minimizing network exposure for control system devices, ensuring they’re not accessible from the internet.
• Placing control system networks and remote devices behind firewalls and isolating them from business networks.
• Using secure methods like VPNs when remote access is required, while remembering VPNs are only as secure as connected devices.

CISA emphasized that while there are no reports of active exploitation targeting these vulnerabilities, organizations should implement recommended cybersecurity strategies for proactive defense of industrial control system assets.

Are you from the SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.