Cybersecurity researchers have identified three significant security vulnerabilities in Planet Technology’s WGS-804HPT industrial switches, which could be exploited to achieve pre-authentication remote code execution. These switches are extensively deployed in building and home automation systems, serving various networking applications.
According to Tomer Goldschmidt from Claroty, an operational technology (OT) security firm, the potential impact of these vulnerabilities is considerable. “An attacker who is able to remotely control one of these devices can use them to further exploit devices in an internal network and perform lateral movement,” Goldschmidt explained in a report published on Thursday.
Vulnerabilities Rooted in Firmware
Claroty conducted a comprehensive analysis of the firmware utilized by these switches using the QEMU framework. The analysis revealed that the vulnerabilities stem from issues in the dispatcher.cgi interface, which is responsible for providing web services on the devices. The identified flaws are as follows:
- CVE-2024-52558 (CVSS score: 5.3): An integer underflow vulnerability that could enable an unauthenticated attacker to send a malformed HTTP request, leading to a system crash.
- CVE-2024-52320 (CVSS score: 9.8): A critical operating system command injection flaw that could allow an unauthenticated attacker to send malicious HTTP requests, resulting in remote code execution.
- CVE-2024-48871 (CVSS score: 9.8): A stack-based buffer overflow vulnerability that could permit an unauthenticated attacker to send a crafted HTTP request, leading to remote code execution.
Exploitation and Impact
The successful exploitation of these vulnerabilities could allow attackers to manipulate the execution flow of the device. By embedding shellcode into malicious HTTP requests, attackers could gain the ability to execute operating system commands remotely. This capability not only compromises the targeted device but also poses a threat to other devices within the same internal network, potentially enabling lateral movement and broader network infiltration.
Recommendations
Organizations utilizing Planet Technology’s WGS-804HPT switches are strongly advised to:
- Apply firmware updates as soon as they become available to mitigate these vulnerabilities.
- Segment industrial devices from other parts of the network to limit potential attack vectors.
- Monitor network traffic for unusual activity that might indicate exploitation attempts.
- Use intrusion detection and prevention systems to identify and block malicious HTTP requests.
By addressing these security flaws, organizations can significantly reduce the risk of exploitation and protect their critical infrastructure from potential threats.
