Summary: Several critical vulnerabilities have been found in industrial switches and network management products made by Planet Technology. These vulnerabilities could allow remote attackers to exploit hardcoded credentials, create admin accounts, and execute OS commands. Planet Technology has since patched these vulnerabilities, which could potentially affect devices used globally, especially in critical manufacturing sectors.
Affected: Planet Technology’s UNI-NMS-Lite, NMS-500, NMS-1000V, WGS-804HPT-V2, WGS-4215-8T2S
Keypoints :
- Five critical vulnerabilities were discovered in Planet Technology’s products.
- Attackers could gain admin privileges or execute commands without authentication.
- Planet Technology was notified on March 6 and rolled out fixes on April 16.
- CISA has not reported any known exploitation of these vulnerabilities in the wild.