

Ethical Hacking News

New Threats to Industrial IoT Security: Uncovering Vulnerabilities in WGS-804HPT Switches



A new set of vulnerabilities that could be chained together for remote code execution has been discovered in WGS-804HPT switches. The identified vulnerabilities pose significant risks to the security of industrial IoT systems and require immediate attention from device manufacturers, users, and security professionals.


  • Three critical vulnerabilities (CVE-2024-52558, CVE-2024-52320, and CVE-2024-48871) were identified in Planet Technology's WGS-804HPT industrial switches.
  • These vulnerabilities pose significant risks to the security of these devices and could allow attackers to achieve pre-authentication remote code execution.
  • The three vulnerabilities can be exploited to cause a denial-of-service (DoS) condition, execute arbitrary operating system commands, or hijack device execution flow.
  • Patches for the identified vulnerabilities have been released by Planet Technology and should be applied to all affected devices as soon as possible.
  • Implementing robust security measures, such as network segmentation, firewalls, intrusion detection systems, and regular security audits, is crucial to protect these devices from cyber attacks.


    In a recent report by Claroty, an operational technology security firm, three critical vulnerabilities were identified in Planet Technology's WGS-804HPT industrial switches. These switches are widely used in building and home automation systems for various networking applications, making them a prime target for cyber attackers. The vulnerabilities discovered by Claroty pose significant risks to the security of these devices and potentially allow an attacker to achieve pre-authentication remote code execution on susceptible devices.

    According to Tomer Goldschmidt, a researcher at Claroty, "These switches are widely used in building and home automation systems for a variety of networking applications. An attacker who is able to remotely control one of these devices can use them to further exploit devices in an internal network and do lateral movement." This highlights the potential impact of these vulnerabilities on industrial IoT security.

    The three identified vulnerabilities are CVE-2024-52558, CVE-2024-52320, and CVE-2024-48871. Each of these vulnerabilities has a distinct set of characteristics that make them particularly concerning.

    CVE-2024-52558 is an integer underflow flaw that an unauthenticated attacker can trigger by sending a malformed HTTP request, resulting in a crash. This vulnerability is significant because it lets attackers cause a denial-of-service (DoS) condition by sending malicious traffic to these devices.

    CVE-2024-52320 is an operating system command injection flaw that allows an unauthenticated attacker to send commands through a malicious HTTP request, resulting in remote code execution. This vulnerability poses a significant risk because it could allow attackers to execute arbitrary operating system commands on the affected device.

    CVE-2024-48871 is a stack-based buffer overflow flaw that an unauthenticated attacker can trigger by sending a malicious HTTP request, resulting in remote code execution. Like CVE-2024-52320, this vulnerability poses significant risks because it could allow attackers to execute arbitrary operating system commands on affected devices.

    Successful exploitation of these vulnerabilities could permit an attacker to hijack the execution flow by embedding shellcode in the HTTP request and gain the ability to execute operating system commands. This highlights the importance of patching these vulnerabilities as soon as possible to prevent further attacks.

    Following responsible disclosure, Planet Technology has rolled out patches for the identified vulnerabilities with version 1.305b241111 released on November 15, 2024. These patches should be applied to all affected devices as soon as possible to minimize potential damage.
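
    To check an asset inventory against the fixed release named above, the following added example (not from Claroty or Planet Technology) classifies each device by firmware level. It assumes firmware strings follow the `<major>.<minor>b<build>` layout of the quoted version; the inventory fields, host names and all versions other than 1.305b241111 are constructed.

```python
import re

# From the article: affected model and the firmware release that carries the fixes.
AFFECTED_MODEL = "WGS-804HPT"
PATCHED_VERSION = "1.305b241111"

# Assumption: versions look like <major>.<minor>b<build>, with a numeric build stamp.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)b(\d+)$", re.IGNORECASE)


def parse_firmware(version):
    """Return (major, minor, build) as ints, or None if the layout is not recognised."""
    match = _VERSION_RE.match(version.strip())
    if match is None:
        return None
    return tuple(int(group) for group in match.groups())


def audit(inventory):
    """Map each host to 'patched', 'vulnerable', 'unknown' or 'not-applicable'."""
    fixed = parse_firmware(PATCHED_VERSION)
    results = {}
    for device in inventory:
        if device["model"].strip().upper() != AFFECTED_MODEL:
            results[device["host"]] = "not-applicable"
            continue
        parsed = parse_firmware(device["firmware"])
        if parsed is None:
            # Unparsable version: never assume patched, flag for manual check.
            results[device["host"]] = "unknown"
        elif parsed >= fixed:
            results[device["host"]] = "patched"
        else:
            results[device["host"]] = "vulnerable"
    return results


# Constructed sample inventory (hypothetical hosts and field names).
SAMPLE_INVENTORY = [
    {"host": "sw-bms-01", "model": "WGS-804HPT", "firmware": "1.305b241111"},
    {"host": "sw-bms-02", "model": "WGS-804HPT", "firmware": "1.305b240101"},
    {"host": "sw-bms-03", "model": "wgs-804hpt", "firmware": "v1.400b250101"},
    {"host": "sw-bms-04", "model": "WGS-804HPT", "firmware": "n/a"},
    {"host": "sw-core-01", "model": "OTHER-SWITCH", "firmware": "2.0"},
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

    Devices reported as "vulnerable" or "unknown" are the ones to prioritise for the update and to keep behind segmentation until it is applied.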

    The discovery of these vulnerabilities serves as a reminder that industrial IoT devices are not immune to cyber threats. As such, it is essential for device manufacturers, users, and security professionals to remain vigilant in monitoring the security of these devices and applying patches as needed.

    Furthermore, the exploitation of these vulnerabilities highlights the importance of implementing robust security measures, including network segmentation, firewalls, intrusion detection systems, and regular security audits.

    In conclusion, the discovery of critical vulnerabilities in WGS-804HPT switches underscores the need for increased vigilance in industrial IoT security. It is essential to apply patches as soon as possible, implement robust security measures, and remain informed about emerging threats to protect these devices from cyber attacks.



    Related Information:

  • https://thehackernews.com/2025/01/critical-flaws-in-wgs-804hpt-switches.html

  • https://nvd.nist.gov/vuln/detail/CVE-2024-52558

  • https://www.cvedetails.com/cve/CVE-2024-52558/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-52320

  • https://www.cvedetails.com/cve/CVE-2024-52320/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-48871

  • https://www.cvedetails.com/cve/CVE-2024-48871/


  • Published: Fri Jan 17 09:30:46 2025 by llama3.2 3B Q4_K_M













         

