CVE-2025-46272 - Vulnerability Details - OpenCVE

WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command injection attack that could allow an unauthenticated attacker to execute OS commands on the host system.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

No data.

No data.

No data.

References

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06

History

Fri, 25 Apr 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 24 Apr 2025 23:15:00 +0000

Type	Values Removed	Values Added
Description		WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command injection attack that could allow an unauthenticated attacker to execute OS commands on the host system.
Title		Planet Technology Network Products OS Command Injection
Weaknesses		CWE-78
References		https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06
Metrics		cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}` cvssV4_0 `{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2025-04-24T22:56:13.381Z

Updated: 2025-04-25T15:59:56.581Z

Reserved: 2025-04-22T15:31:46.237Z

Link: CVE-2025-46272

Vulnrichment

Updated: 2025-04-25T15:59:30.434Z

NVD

Status : Awaiting Analysis

Published: 2025-04-24T23:15:15.513

Modified: 2025-04-29T13:52:28.490

Link: CVE-2025-46272

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-46272", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2025-04-22T15:31:46.237Z", "datePublished": "2025-04-24T22:56:13.381Z", "dateUpdated": "2025-04-25T15:59:56.581Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "WGS-804HPT-V2", "vendor": "Planet Technology", "versions": [{"lessThanOrEqual": "2.305b250121", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "WGS-4215-8T2S", "vendor": "Planet Technology", "versions": [{"lessThanOrEqual": "1.305b241115", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Kev Breen of Immersive reported these vulnerabilities to CISA."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command injection \nattack that could allow an unauthenticated attacker to execute OS \ncommands on the host system."}], "value": "WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command injection \nattack that could allow an unauthenticated attacker to execute OS \ncommands on the host system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 OS Command Injection", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-04-24T23:01:43.682Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Planet Technology has released patches for the following devices:</p>\n<ul>\n<li><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.planet.com.tw/en/product/wgs-804hpt-v2\">WGS-804HPT (v2)</a></li><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.planet.com.tw/en/product/wgs-4215-8t2s\">WGS-4215-8T2</a></li><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.planet.com.tw/en/product/wgs-4215-8t2s\">S</a><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.planet.com.tw/en/product/uni-nms\">UNI-NMS</a></li><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.planet.com.tw/en/product/nms-500\">NMS-500</a></li><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.planet.com.tw/en/product/nms-1000v\">NMS-1000V</a></li></ul>"}], "value": "Planet Technology has released patches for the following devices:\n\n\n\n * WGS-804HPT (v2) https://www.planet.com.tw/en/product/wgs-804hpt-v2 \n * WGS-4215-8T2 https://www.planet.com.tw/en/product/wgs-4215-8t2s \n * S https://www.planet.com.tw/en/product/wgs-4215-8t2s UNI-NMS https://www.planet.com.tw/en/product/uni-nms \n * NMS-500 https://www.planet.com.tw/en/product/nms-500 \n * NMS-1000V https://www.planet.com.tw/en/product/nms-1000v"}], "source": {"advisory": "ICSA-25-114-06", "discovery": "EXTERNAL"}, "title": "Planet Technology Network Products OS Command Injection", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-25T15:59:00.890971Z", "id": "CVE-2025-46272", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-25T15:59:56.581Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-46272", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-25T15:59:00.890971Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-25T15:59:30.434Z"}}], "cna": {"title": "Planet Technology Network Products OS Command Injection", "source": {"advisory": "ICSA-25-114-06", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Kev Breen of Immersive reported these vulnerabilities to CISA."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Planet Technology", "product": "WGS-804HPT-V2", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.305b250121"}], "defaultStatus": "unaffected"}, {"vendor": "Planet Technology", "product": "WGS-4215-8T2S", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.305b241115"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Planet Technology has released patches for the following devices:\n\n\n\n * WGS-804HPT (v2) https://www.planet.com.tw/en/product/wgs-804hpt-v2 \n * WGS-4215-8T2 https://www.planet.com.tw/en/product/wgs-4215-8t2s \n * S https://www.planet.com.tw/en/product/wgs-4215-8t2s UNI-NMS https://www.planet.com.tw/en/product/uni-nms \n * NMS-500 https://www.planet.com.tw/en/product/nms-500 \n * NMS-1000V https://www.planet.com.tw/en/product/nms-1000v", "supportingMedia": [{"type": "text/html", "value": "<p>Planet Technology has released patches for the following devices:</p>\n<ul>\n<li><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.planet.com.tw/en/product/wgs-804hpt-v2\">WGS-804HPT (v2)</a></li><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.planet.com.tw/en/product/wgs-4215-8t2s\">WGS-4215-8T2</a></li><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.planet.com.tw/en/product/wgs-4215-8t2s\">S</a><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.planet.com.tw/en/product/uni-nms\">UNI-NMS</a></li><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.planet.com.tw/en/product/nms-500\">NMS-500</a></li><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.planet.com.tw/en/product/nms-1000v\">NMS-1000V</a></li></ul>", "base64": false}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command injection \nattack that could allow an unauthenticated attacker to execute OS \ncommands on the host system.", "supportingMedia": [{"type": "text/html", "value": "WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command injection \nattack that could allow an unauthenticated attacker to execute OS \ncommands on the host system.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 OS Command Injection"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-04-24T23:01:43.682Z"}}}, "cveMetadata": {"cveId": "CVE-2025-46272", "state": "PUBLISHED", "dateUpdated": "2025-04-25T15:59:56.581Z", "dateReserved": "2025-04-22T15:31:46.237Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2025-04-24T22:56:13.381Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command injection \nattack that could allow an unauthenticated attacker to execute OS \ncommands on the host system."}, {"lang": "es", "value": "WGS-80HPT-V2 y WGS-4215-8T2S son vulnerables a un ataque de inyecci\u00f3n de comandos que podr\u00eda permitir que un atacante no autenticado ejecute comandos del sistema operativo en el sistema host."}], "id": "CVE-2025-46272", "lastModified": "2025-04-29T13:52:28.490", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2025-04-24T23:15:15.513", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}