All Blogs
All Blogs
Responsible Disclosures
April 24, 2025

Immersive Uncovers Critical Vulnerabilities in Planet Technology Network Devices

Request A Demo
Cybersecurity Threats
Causes of Vulnerabilities
Threat Modelling
Contributors
Kevin Breen
Senior Director Cyber Threat Research
Immersive
Share

Security researchers at Immersive have identified several critical vulnerabilities affecting a range of Planet Technology network management and industrial switch products. These findings underscore the importance of continuous security research and responsible disclosure in protecting network infrastructure.

Our team, led by researcher Kev Breen, discovered vulnerabilities that, if exploited by malicious actors, could significantly impact organizations using these products.

The highest rated of these vulnerabilities, with a CVSS score of 9.8, could allow an attacker to take full control of all managed devices in the network.

CISA advisory

CISA has released an advisory ICSA-25-114-06

related to these vulnerabilities.

Affected products

The vulnerabilities impact the following Planet Technology products:  

  • UNI-NMS-Lite (versions 1.0b211018 and prior)
  • NMS-500 (all versions)
  • NMS-1000V (all versions)
  • WGS-80HPT-V2 (versions 2.305b250121 and prior)
  • WGS-4215-8T2S (versions 1.305b241115 and prior)

Vulnerabilities

CVE-2025-46271 Planet network management systems

CVSS v4: 9.3, v3: 9.1

This is a pre-auth command injection vulnerability that allows an attacker with network access to gain full control over the network management system (NMS) and any connected managed devices.

CVE-2025-46274 Planet network management systems

CVSS v4: 9.3, v3: 9.8

The NMS uses hard-coded credentials for the underlying Mongo database. Additionally, the Mongo service isn’t restricted to the local host, meaning an attacker with network access can gain full control over the NMS software and any connected managed devices.

CVE-2025-46273 Planet network management systems and all managed devices

CVSS v3: 9.8

Planet devices managed by a local Planet NMS all use a set of hard-coded credentials for communication between the NMS. A remote attacker with network access to the NMS can connect to this communication service, intercept all messages, and submit configuration messages destined for managed devices.

CVE-2025-46272 WGS-80HPT-V2 and WGS-4215-8T2S industrial switches

CVSS v4: 9.3

A post-auth operating system (OS) command injection vulnerability exists where an authenticated user can manipulate the input for a “hidden” command function. This results in command execution as root on the underlying operating system.

CVE-2025-46275 WGS-80HPT-V2 and WGS-4215-8T2S industrial switches

CVSS v4: 9.3 v3: 9.8

These switches have an authentication bypass vulnerability, allowing an attacker to modify their configuration, including creating new administrative accounts without needing existing credentials.

Potential impact

Successful exploitation by an unauthenticated attacker could lead to significant security breaches, including:

  • Reading or manipulating sensitive device data
  • Executing arbitrary commands on the underlying operating system
  • Gaining full administrative privileges over affected devices and potentially connected systems
  • Creating unauthorized administrator accounts
  • Manipulating database entries

Recommendations and mitigation

Immersive has responsibly disclosed these vulnerabilities to the US Cybersecurity and Infrastructure Security Agency (CISA) to facilitate remediation, and the vendor has made patches available.

It’s recommended to:

  • Minimize network exposure for all control system devices, ensuring they aren’t accessible directly from the internet
  • Isolate control system networks from business networks using firewalls  
  • Utilize secure methods like updated virtual private networks (VPNs) for any necessary remote access (recognizing that VPN security depends on the connected devices)

At this time, there are no known public exploits specifically targeting these vulnerabilities.

Looking forward

Immersive remains committed to proactive security research to identify and address potential threats, working collaboratively to enhance cyber resilience across industries.

We urge organizations using the affected Planet Technology products to review CISA's guidance and apply vendor updates as soon as possible.

Timeline

February 23, 2025 // Immersive contacts CISA for support with disclosure to Planet Technology

March 6, 2025 // CISA coordinates with Planet Technology and Immersive via VINCE

March 7, 2025 // Vendor confirms findings

April 16, 2025 // Vendor releases patches

April 24, 2025 // CISA publishes advisory

Trusted by top
companies worldwide

Customer
Insights

The speed at which Immersive produces technical content is hugely impressive, and this turnaround has helped get our teams ahead of the curve, giving them hands-on experience with serious vulnerabilities, in a secure environment, as soon as they emerge.
TJ Campana
Head of Global Cybersecurity
Operations, HSBC

Ready to Get Started?
Get a Live Demo.

Simply complete the form to schedule time with an expert that works best for your calendar.

By submitting this form, you acknowledge that Immersive will process your personal information in accordance with its Privacy Notice. 

Company

CommunityCareersCustomersCovenantLeadership & InvestorsCyber MillionSecurity & PrivacyLegalComplianceAccessibility StatementPrivacy NoticePressBlogContact UsWebsite Terms

Product

Immersive LabsApplication SecurityCrisis SimulationsCyber DrillsCyber Range ExercisesWorkforce ExercisesCloud SecurityFor Red TeamsFor Blue TeamsCyber RangesTeam ExercisesResourcesSupport

Be Ready