PatchSiren cyber security CVE debrief
CVE-2024-52320 Planet Technology CVE debrief
A critical command injection vulnerability in the Planet Technology Planet WGS-804HPT industrial switch allows unauthenticated remote attackers to execute arbitrary code via malicious HTTP requests. The vulnerability, published December 5, 2024, carries a CVSS 3.1 score of 9.8 (Critical) and affects firmware version 1.305b210531. Planet Technology has released patched firmware version 1.305b241111 to address this issue.
- Vendor
- Planet Technology
- Product
- Planet WGS-804HPT
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-12-05
- Original CVE updated
- 2024-12-05
- Advisory published
- 2024-12-05
- Advisory updated
- 2024-12-05
Who should care
Organizations operating Planet WGS-804HPT industrial switches in manufacturing, utility, transportation, or other OT environments. Security teams responsible for industrial control system infrastructure, network administrators managing industrial Ethernet deployments, and OT security practitioners monitoring CISA ICS advisories should prioritize this vulnerability due to its unauthenticated remote exploitation vector and critical severity rating.
Technical summary
The Planet Technology Planet WGS-804HPT, an industrial managed PoE switch, contains a command injection vulnerability in its HTTP request handling. An unauthenticated attacker can craft malicious HTTP requests that inject and execute arbitrary operating system commands on the device, resulting in complete system compromise. The vulnerability is remotely exploitable without authentication, requires no user interaction, and provides high impact across confidentiality, integrity, and availability dimensions. The affected firmware version is 1.305b210531.
Defensive priority
Critical
Recommended defensive actions
- Upgrade affected Planet WGS-804HPT devices to firmware version 1.305b241111 or later as specified by the vendor
- Restrict network access to device management interfaces to trusted administrative hosts only
- Monitor for unauthorized HTTP requests to device management endpoints
- Apply network segmentation to isolate industrial control devices from untrusted networks
- Review CISA ICS recommended practices for defense-in-depth strategies
- Assess device inventory to identify all deployed WGS-804HPT units running affected firmware
- Consider temporary network isolation for devices that cannot be immediately patched
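The inventory and prioritisation steps above can be scripted. The following is an added example written for this debrief, not vendor or CISA tooling: it assumes a WGS-804HPT firmware string has the shape `<major>.<minor>b<YYMMDD build>` (so `1.305b210531` is an older build than the fixed `1.305b241111`) and that each inventory record notes which network zone can reach the device's management interface. The inventory records and zone names are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Firmware builds named in the advisory for CVE-2024-52320.
AFFECTED_FIRMWARE = "1.305b210531"
FIXED_FIRMWARE = "1.305b241111"

# Assumption: "<major>.<minor>b<YYMMDD>" where a later build date is a newer image.
FW_RE = re.compile(r"^(\d+)\.(\d+)b(\d{6})$")


def parse_firmware(version: str) -> tuple[int, int, int]:
    """Turn a firmware string into a comparable (major, minor, build) tuple."""
    m = FW_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware string: {version!r}")
    major, minor, build = m.groups()
    return (int(major), int(minor), int(build))


def is_vulnerable(version: str) -> bool:
    """True when the firmware predates the vendor's fixed build."""
    return parse_firmware(version) < parse_firmware(FIXED_FIRMWARE)


@dataclass
class Device:
    hostname: str
    ip: str
    model: str
    firmware: str
    mgmt_reachable_from: str  # network zone that can reach the HTTP management UI


# Constructed inventory records; none of these are real devices.
INVENTORY = [
    Device("sw-line1", "10.20.1.5", "WGS-804HPT", "1.305b210531", "corp-lan"),
    Device("sw-line2", "10.20.1.6", "WGS-804HPT", "1.305b210531", "ot-admin-vlan"),
    Device("sw-pump", "10.20.2.9", "WGS-804HPT", "1.305b241111", "ot-admin-vlan"),
    Device("sw-yard", "10.20.3.1", "WGS-804HPT", "unknown", "corp-lan"),
    Device("rtr-edge", "10.20.0.1", "OTHER-MODEL", "4.2.1", "corp-lan"),
]


def triage(devices: list[Device], trusted_zones: tuple[str, ...] = ("ot-admin-vlan",)) -> list[dict]:
    """Rank every WGS-804HPT in the inventory.

    priority 1: affected (or unverifiable) firmware with the management plane
                reachable from an untrusted zone -> isolate now, then patch
    priority 2: affected firmware, management already restricted -> schedule upgrade
    priority 3: running the fixed firmware or newer -> no action for this CVE
    """
    findings = []
    for d in devices:
        if d.model != "WGS-804HPT":
            continue  # the advisory names only this product
        try:
            affected = is_vulnerable(d.firmware)
            reason = "affected firmware" if affected else "fixed firmware or newer"
        except ValueError:
            # An unreadable version string is treated as affected until verified.
            affected, reason = True, "unrecognised firmware string; verify on device"
        exposed = d.mgmt_reachable_from not in trusted_zones
        if affected and exposed:
            priority = 1
        elif affected:
            priority = 2
        else:
            priority = 3
        findings.append({"hostname": d.hostname, "ip": d.ip, "priority": priority,
                         "reason": reason, "mgmt_zone": d.mgmt_reachable_from})
    return sorted(findings, key=lambda f: (f["priority"], f["hostname"]))


if __name__ == "__main__":
    for f in triage(INVENTORY):
        print(f"P{f['priority']} {f['hostname']:<10} {f['ip']:<12} {f['reason']} (mgmt via {f['mgmt_zone']})")
```

Unparseable firmware strings are deliberately ranked with the affected devices rather than skipped, since a switch whose version cannot be confirmed is exactly the one most likely to be missed during patching.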
Evidence notes
CISA published advisory ICSA-24-340-02 on December 5, 2024, identifying this vulnerability in Planet Technology's WGS-804HPT industrial switch. The advisory confirms unauthenticated command injection through HTTP requests with remote code execution impact. CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H supports the 9.8 critical score. Vendor remediation guidance specifies upgrade to firmware 1.305b241111 or later.
Official resources
- CVE-2024-52320 CVE record (CVE.org)
- CVE-2024-52320 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2024-12-05