In a significant cybersecurity alert, several industrial switches and network management products manufactured by Taiwan-based Planet Technology have been found vulnerable to multiple critical flaws. These weaknesses, flagged by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), open the door for remote attackers to easily gain administrative control over affected systems — a concerning revelation for industries worldwide relying on these devices for secure operations.

The vulnerabilities impact Planet Technology’s UNI-NMS-Lite, NMS-500, NMS-1000V network management systems, and the WGS-804HPT-V2 and WGS-4215-8T2S industrial switches. CISA’s advisory highlights the flaws as “critical”, warning that they can be exploited remotely and without authentication.

What Makes These Vulnerabilities So Dangerous?

According to CISA’s detailed report, the vulnerabilities allow:

• Remote attackers to obtain administrative privileges using hardcoded credentials embedded in the system.
  
  
• Malicious actors to create new admin accounts due to missing authentication checks.
  
  
• Command injection attacks, where unauthorized OS commands can be executed, giving attackers the power to manipulate, read, or even compromise device data.
  
  

Given that many of these devices are employed across critical manufacturing sectors worldwide, the potential consequences of an exploit could be disastrous — from operational disruptions to full-scale breaches of sensitive systems.

The Research Behind the Revelation

Credit for uncovering these alarming issues goes to Kevin Breen, senior director of cyber threat research at Immersive Labs. Breen was instrumental in identifying the vulnerabilities and responsibly disclosing them through CISA channels.

Breen’s findings did not stay behind closed doors. The day after CISA issued its advisory, he published technical details explaining how these flaws were discovered and how they could be weaponized by malicious entities. His research revealed that simple internet searches using platforms like Censys uncovered hundreds — possibly thousands — of exposed Planet Technology devices, leaving a vast digital footprint open to exploitation.

Interestingly, Breen stumbled upon these new vulnerabilities while revisiting earlier security gaps reported last year by Claroty, an industrial cybersecurity firm that had also flagged concerns about Planet Technology products.

Good News: Patches Are Available, but Risks Remain

After being notified by CISA on March 6, Planet Technology moved quickly to address the vulnerabilities, rolling out security patches on April 16.

At the time of CISA’s advisory, there had been no reports of active exploitation in the wild, providing a narrow but crucial window for companies to act swiftly and apply the necessary patches before attackers catch on.

Nonetheless, organizations are urged to conduct a full review of their systems to ensure they are not running vulnerable versions. If patches cannot be applied immediately, experts advise implementing compensating controls such as strict network segmentation and firewall rules to reduce exposure.

A Broader Reminder for Industrial Cybersecurity

The Planet Technology case underlines a larger issue: Industrial Control Systems (ICS) and Operational Technology (OT) devices often have critical vulnerabilities that go unnoticed until it’s too late. As industries become more connected, the cybersecurity risks surrounding ICS and OT systems will continue to grow.

Events like the upcoming ICS Cybersecurity Conference (October 27–30, 2025, in Atlanta) are essential for professionals who manage SCADA, DCS, PLC, and field controller environments to stay informed, build defenses, and prepare for future threats.

The cybersecurity landscape is evolving faster than ever — and in this game, awareness and proactive action aren’t optional; they are a necessity.