CVE-2025-46275 Planet Technology CVE debrief

Who should care

Administrators and incident responders responsible for Planet Technology WGS-804HPT-V2 and WGS-4215-8T2S devices, especially where management services are exposed beyond a trusted admin network. OT/ICS asset owners should treat this as urgent because the affected devices are listed in a CISA industrial control systems advisory.

Technical summary

The CISA CSAF advisory ICSA-25-114-06 states that the affected Planet Technology devices are missing authentication, allowing an attacker to create an administrator account without any existing credentials. The advisory’s affected-product entries name Planet Technology WGS-804HPT-V2 (<=2.305b250121) and WGS-4215-8T2S (<=1.305b241115). The source description also references WGS-80HPT-V2, so the source corpus contains a naming inconsistency that should be checked against vendor documentation before remediation. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, which matches a network-reachable, no-authentication path to high-impact compromise.

Defensive priority

Urgent. This is a network-exploitable, unauthenticated issue that can directly produce administrative control, so exposed or remotely reachable devices should be prioritized for patching and access restriction immediately.

Recommended defensive actions

• Identify all Planet Technology devices in scope and compare installed firmware against the advisory’s affected versions (WGS-804HPT-V2 <=2.305b250121 and WGS-4215-8T2S <=1.305b241115).
• Apply the vendor-released patches referenced by the advisory for the affected products as soon as operationally possible.
• Restrict management access to trusted admin networks or VPN-only paths; do not leave device management interfaces broadly reachable.
• Review device accounts and configuration history for unexpected administrator accounts or changes, especially on any device that may have been exposed before patching.
• If compromise is suspected, isolate the device, preserve logs/configuration for investigation, and rotate credentials used to administer the affected equipment.
• Use CISA ICS recommended practices and defense-in-depth guidance to segment OT assets and reduce exposure of management services.

Evidence notes

Evidence is limited to the supplied CISA CSAF source item and referenced official links. The advisory was published on 2025-04-24 and revised on 2025-05-06 with a revision note indicating typo fixes. The advisory text states that missing authentication can allow an attacker to create an administrator account without existing credentials. The affected-product list includes WGS-804HPT-V2 and WGS-4215-8T2S, while the description line mentions WGS-80HPT-V2; that discrepancy is present in the source corpus and should be treated carefully in reporting and asset matching. No KEV listing or ransomware-campaign use is provided in the supplied data.

Official resources