Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Multiple Critical Vulnerabilities in Planet Technology Industrial Networking Products
Alerts

Multiple Critical Vulnerabilities in Planet Technology Industrial Networking Products

29 April 2025

Planet Technology has released security updates addressing multiple critical vulnerabilities affecting their Industrial Networking products. Users and administrators of affected products are advised to update to the latest versions immediately.

Planet Technology has released security updates addressing multiple critical vulnerabilities (CVE-2025-46271,CVE-2025-46272,CVE-2025-46273,CVE-2025-46274,and CVE-2025-46275) affecting their Industrial Networking products. 

The vulnerabilities are:

  • CVE-2025-46271: Successful exploitation of the vulnerability could allow an unauthenticated attacker to manipulate or read data and gain complete control of the system.

  • CVE-2025-46272: Successful exploitation of the vulnerability could allow an unauthenticated attacker to perform command injection attack to gain root privileges to the system.

  • CVE-2025-46273: Successful exploitation of the vulnerability could allow an unauthenticated remote attacker to escalate privileges and modify configurations. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10.

  • CVE-2025-46274: Successful exploitation of the vulnerability could allow an attacker to gain access to the managed database to manipulate and create new data entries. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10.

  • CVE-2025-46275: Successful exploitation of the vulnerability could an unauthenticated attacker to create an administrator account without compromising existing credentials. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10.

The vulnerabilities affect the following products:

CVE-2025-46271, CVE-2025-46274, and CVE-2025-46273:

  • All versions of NMS-500

  • All versions of NMS-1000V

  • UNI-NMS-Lite versions 1.0b211018 and earlier

CVE-2025-46272 and CVE-2025-46275:

  • WGS-804HPT-V2 versions 2.305b250121 and earlier

  • WGS-4215-8T2S versions 1.305b241115 and earlier

Users and administrators of affected products are advised to update to the latest versions immediately.

More information is available here:

https://nvd.nist.gov/vuln/detail/CVE-2025-46271

https://www.planet.com.tw/en/support/security-advisory/7

https://www.planet.com.tw/en/support/security-advisory/6

https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06


Back to top