CVE-2024-48871 Planet Technology CVE debrief

Who should care

Organizations operating Planet WGS-804HPT industrial switches in manufacturing, utility, transportation, or other industrial environments should prioritize remediation. Security teams responsible for OT/ICS network security, infrastructure administrators managing industrial Ethernet switches, and compliance officers tracking critical vulnerability exposure should address this issue promptly.

Technical summary

The Planet WGS-804HPT webserver contains a stack-based buffer overflow vulnerability due to insufficient input size validation. When processing HTTP requests, the webserver copies data to the stack without proper bounds checking. An unauthenticated attacker can send a crafted HTTP request with oversized input to trigger the overflow, potentially overwriting return addresses and achieving arbitrary code execution. The vulnerability is remotely exploitable without authentication, making it particularly severe for internet-exposed or network-accessible devices.

Defensive priority

critical

Recommended defensive actions

• Upgrade Planet WGS-804HPT firmware to version 1.305b241111 or later as recommended by the vendor
• Restrict network access to the device's web management interface to trusted administrative hosts only
• Monitor for unauthorized HTTP requests to the device's webserver
• Apply network segmentation to isolate affected industrial switches from untrusted networks
• Review CISA's ICS recommended practices for defense-in-depth strategies

Evidence notes

The vulnerability description and remediation guidance are sourced from CISA's CSAF-formatted advisory. The affected product version and patch version are explicitly documented in the CSAF product tree. CVSS 3.1 vector confirms network attack vector with low attack complexity and no privileges required.

Official resources