Severe Vulnerabilities in WGS-804HPT Switches Allow RCE
Cybersecurity Alert: Critical Flaws Discovered in Planet Technology’s WGS-804HPT Industrial Switches
Cybersecurity researchers have recently uncovered three significant security vulnerabilities in Planet Technology’s WGS-804HPT industrial switches, which could be exploited to achieve pre-authentication remote code execution on affected devices. These switches are integral to building and home automation systems, making the potential risks particularly concerning. According to Claroty’s Tomer Goldschmidt, the exploited vulnerabilities could allow attackers to control these devices remotely, facilitating further exploitation within internal networks.
Vulnerabilities Overview in WGS-804HPT Industrial Switches
The operational technology security firm conducted a thorough examination of the firmware associated with the WGS-804HPT switches using the QEMU framework. The identified vulnerabilities stem from issues in the dispatcher.cgi interface, which is responsible for providing web services. The specific vulnerabilities are as follows:
- CVE-2024-52558 (CVSS Score: 5.3): This integer underflow flaw allows an unauthenticated attacker to send malformed HTTP requests, leading to system crashes.
- CVE-2024-52320 (CVSS Score: 9.8): An operating system command injection flaw that enables an attacker to execute commands through malicious HTTP requests, resulting in remote code execution.
- CVE-2024-48871 (CVSS Score: 9.8): This stack-based buffer overflow vulnerability allows unauthenticated attackers to send harmful HTTP requests, leading to remote code execution.
Implications of the Vulnerabilities
The successful exploitation of these vulnerabilities could enable attackers to hijack the execution flow by embedding shellcode within HTTP requests. This would grant them the ability to execute operating system commands, posing a severe threat to network integrity and security.
Response from Planet Technology
In response to the responsible disclosure of these vulnerabilities, Planet Technology has released patches to address these issues. Version 1.305b241111 was made available on November 15, 2024. Users are strongly encouraged to update their devices to mitigate potential risks.
Stay Informed and Secure
For organizations utilizing Planet Technology’s WGS-804HPT industrial switches, it is crucial to remain vigilant and implement the necessary security updates. Cybersecurity is an ongoing concern, and staying informed about vulnerabilities is key to protecting your systems.
Found this article informative? Share your thoughts below, and don’t forget to check out our related articles on cybersecurity threats and best practices. Follow us on Twitter and LinkedIn for more exclusive content and updates.