Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for IGS-5225-4UP1T2S hardware 1.0 by PLANET Technology

    CVE-2024-8455 (GCVE-0-2024-8455)

    Vulnerability from nvd – Published: 2024-09-30 07:24 – Updated: 2024-09-30 16:54
    VLAI
    Title
    PLANET Technology switch devices - Swctrl service exchanges weakly encoded passwords
    Summary
    The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-261 - Weak Encoding for Password
    Assigner
    References
    Impacted products
    Vendor Product Version
    PLANET Technology GS-4210-24PL4C hardware 2.0 Affected: 0 , < 2.305b240719 (custom)
    Create a notification for this product.
    PLANET Technology GS-4210-24P2S hardware 3.0 Affected: 0 , < 3.305b240802 (custom)
    Create a notification for this product.
    PLANET Technology IGS-5225-4UP1T2S hardware 1.0 Affected: 0
    Create a notification for this product.
    planet_technology_corp gs-4210-24pl4c_hardware_2.0 Affected: 0 , < 2.305b240719 (custom)
        cpe:2.3:a:planet_technology_corp:gs-4210-24pl4c_hardware_2.0:*:*:*:*:*:*:*:*
    Create a notification for this product.
    planet_technology_corp gs-4210-24pl4c_hardware_3.0 Affected: 0 , < 3.305b240802 (custom)
        cpe:2.3:a:planet_technology_corp:gs-4210-24pl4c_hardware_3.0:*:*:*:*:*:*:*:*
    Create a notification for this product.
    planet_technology_corp igs-5225-4up1t2s_hardware_1.0 Affected: 0
        cpe:2.3:a:planet_technology_corp:igs-5225-4up1t2s_hardware_1.0:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-09-30 07:24
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:planet_technology_corp:gs-4210-24pl4c_hardware_2.0:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gs-4210-24pl4c_hardware_2.0",
                "vendor": "planet_technology_corp",
                "versions": [
                  {
                    "lessThan": "2.305b240719",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:planet_technology_corp:gs-4210-24pl4c_hardware_3.0:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gs-4210-24pl4c_hardware_3.0",
                "vendor": "planet_technology_corp",
                "versions": [
                  {
                    "lessThan": "3.305b240802",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:planet_technology_corp:igs-5225-4up1t2s_hardware_1.0:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "igs-5225-4up1t2s_hardware_1.0",
                "vendor": "planet_technology_corp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8455",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-30T16:51:56.909491Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-30T16:54:36.168Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GS-4210-24PL4C hardware 2.0",
              "vendor": "PLANET Technology",
              "versions": [
                {
                  "lessThan": "2.305b240719",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GS-4210-24P2S hardware 3.0",
              "vendor": "PLANET Technology",
              "versions": [
                {
                  "lessThan": "3.305b240802",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "IGS-5225-4UP1T2S hardware 1.0",
              "vendor": "PLANET Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            }
          ],
          "datePublic": "2024-09-30T07:24:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords."
                }
              ],
              "value": "The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-97",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-97 Cryptanalysis"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-261",
                  "description": "CWE-261 Weak Encoding for Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-30T07:25:13.087Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-8059-bde5f-1.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/en/cp-139-8060-f3955-2.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update firmware of GS-4210-24PL4C hardware 2.0 to version 2.305b240719 or later.\u003cbr\u003eUpdate firmware of GS-4210-24P2S hardware 3.0 to version 3.305b240802 or later.\u003cbr\u003eIGS-5225-4UP1T2S hardware 1.0 has reached End of Life (EOL). Replacement is recommended.\u003cbr\u003e"
                }
              ],
              "value": "Update firmware of GS-4210-24PL4C hardware 2.0 to version 2.305b240719 or later.\nUpdate firmware of GS-4210-24P2S hardware 3.0 to version 3.305b240802 or later.\nIGS-5225-4UP1T2S hardware 1.0 has reached End of Life (EOL). Replacement is recommended."
            }
          ],
          "source": {
            "advisory": "TVN-202409011",
            "discovery": "EXTERNAL"
          },
          "title": "PLANET Technology switch devices - Swctrl service exchanges weakly encoded passwords",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-8455",
        "datePublished": "2024-09-30T07:24:49.379Z",
        "dateReserved": "2024-09-05T02:53:08.080Z",
        "dateUpdated": "2024-09-30T16:54:36.168Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-8454 (GCVE-0-2024-8454)

    Vulnerability from nvd – Published: 2024-09-30 07:18 – Updated: 2024-09-30 16:59
    VLAI
    Title
    PLANET Technology switch devices - Swctrl service DoS attack
    Summary
    The swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service vulnerability in the swctrl service, allowing unauthenticated remote attackers to send crafted packets that can crash the service.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    PLANET Technology GS-4210-24PL4C hardware 2.0 Affected: 0 , < 2.305b240719 (custom)
    Create a notification for this product.
    PLANET Technology GS-4210-24P2S hardware 3.0 Affected: 0 , < 3.305b240802 (custom)
    Create a notification for this product.
    PLANET Technology IGS-5225-4UP1T2S hardware 1.0 Affected: 0
    Create a notification for this product.
    planet_technology_corp gs-4210-24pl4c_hardware_2.0 Affected: 0 , < 2.305b240719 (custom)
        cpe:2.3:a:planet_technology_corp:gs-4210-24pl4c_hardware_2.0:*:*:*:*:*:*:*:*
    Create a notification for this product.
    planet_technology_corp gs-4210-24pl4c_hardware_3.0 Affected: 0 , < 3.305b240802 (custom)
        cpe:2.3:a:planet_technology_corp:gs-4210-24pl4c_hardware_3.0:*:*:*:*:*:*:*:*
    Create a notification for this product.
    planet_technology_corp igs-5225-4up1t2s_hardware_1.0 Affected: 0
        cpe:2.3:a:planet_technology_corp:igs-5225-4up1t2s_hardware_1.0:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-09-30 07:13
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:planet_technology_corp:gs-4210-24pl4c_hardware_2.0:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gs-4210-24pl4c_hardware_2.0",
                "vendor": "planet_technology_corp",
                "versions": [
                  {
                    "lessThan": "2.305b240719",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:planet_technology_corp:gs-4210-24pl4c_hardware_3.0:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gs-4210-24pl4c_hardware_3.0",
                "vendor": "planet_technology_corp",
                "versions": [
                  {
                    "lessThan": "3.305b240802",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:planet_technology_corp:igs-5225-4up1t2s_hardware_1.0:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "igs-5225-4up1t2s_hardware_1.0",
                "vendor": "planet_technology_corp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8454",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-30T16:57:41.398680Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-30T16:59:40.972Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GS-4210-24PL4C hardware 2.0",
              "vendor": "PLANET Technology",
              "versions": [
                {
                  "lessThan": "2.305b240719",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GS-4210-24P2S hardware 3.0",
              "vendor": "PLANET Technology",
              "versions": [
                {
                  "lessThan": "3.305b240802",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "IGS-5225-4UP1T2S hardware 1.0",
              "vendor": "PLANET Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            }
          ],
          "datePublic": "2024-09-30T07:13:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service vulnerability in the swctrl service, allowing unauthenticated remote attackers to send crafted packets that can crash the service.\u003c/span\u003e"
                }
              ],
              "value": "The swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service vulnerability in the swctrl service, allowing unauthenticated remote attackers to send crafted packets that can crash the service."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-227",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-227 Sustained Client Engagement"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-30T07:18:30.271Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-8057-1b3fa-1.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/en/cp-139-8058-cc391-2.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update firmware of GS-4210-24PL4C hardware 2.0 to version 2.305b240719 or later.\u003cbr\u003eUpdate firmware of GS-4210-24P2S hardware 3.0 to version 3.305b240802 or later.\u003cbr\u003eIGS-5225-4UP1T2S hardware 1.0 has reached End of Life (EOL). Replacement is recommended.\u003cbr\u003e"
                }
              ],
              "value": "Update firmware of GS-4210-24PL4C hardware 2.0 to version 2.305b240719 or later.\nUpdate firmware of GS-4210-24P2S hardware 3.0 to version 3.305b240802 or later.\nIGS-5225-4UP1T2S hardware 1.0 has reached End of Life (EOL). Replacement is recommended."
            }
          ],
          "source": {
            "advisory": "TVN-202409010",
            "discovery": "EXTERNAL"
          },
          "title": "PLANET Technology switch devices - Swctrl service DoS attack",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-8454",
        "datePublished": "2024-09-30T07:18:30.271Z",
        "dateReserved": "2024-09-05T02:53:07.051Z",
        "dateUpdated": "2024-09-30T16:59:40.972Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-8455 (GCVE-0-2024-8455)

    Vulnerability from cvelistv5 – Published: 2024-09-30 07:24 – Updated: 2024-09-30 16:54
    VLAI
    Title
    PLANET Technology switch devices - Swctrl service exchanges weakly encoded passwords
    Summary
    The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-261 - Weak Encoding for Password
    Assigner
    References
    Impacted products
    Vendor Product Version
    PLANET Technology GS-4210-24PL4C hardware 2.0 Affected: 0 , < 2.305b240719 (custom)
    Create a notification for this product.
    PLANET Technology GS-4210-24P2S hardware 3.0 Affected: 0 , < 3.305b240802 (custom)
    Create a notification for this product.
    PLANET Technology IGS-5225-4UP1T2S hardware 1.0 Affected: 0
    Create a notification for this product.
    planet_technology_corp gs-4210-24pl4c_hardware_2.0 Affected: 0 , < 2.305b240719 (custom)
        cpe:2.3:a:planet_technology_corp:gs-4210-24pl4c_hardware_2.0:*:*:*:*:*:*:*:*
    Create a notification for this product.
    planet_technology_corp gs-4210-24pl4c_hardware_3.0 Affected: 0 , < 3.305b240802 (custom)
        cpe:2.3:a:planet_technology_corp:gs-4210-24pl4c_hardware_3.0:*:*:*:*:*:*:*:*
    Create a notification for this product.
    planet_technology_corp igs-5225-4up1t2s_hardware_1.0 Affected: 0
        cpe:2.3:a:planet_technology_corp:igs-5225-4up1t2s_hardware_1.0:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-09-30 07:24
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:planet_technology_corp:gs-4210-24pl4c_hardware_2.0:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gs-4210-24pl4c_hardware_2.0",
                "vendor": "planet_technology_corp",
                "versions": [
                  {
                    "lessThan": "2.305b240719",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:planet_technology_corp:gs-4210-24pl4c_hardware_3.0:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gs-4210-24pl4c_hardware_3.0",
                "vendor": "planet_technology_corp",
                "versions": [
                  {
                    "lessThan": "3.305b240802",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:planet_technology_corp:igs-5225-4up1t2s_hardware_1.0:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "igs-5225-4up1t2s_hardware_1.0",
                "vendor": "planet_technology_corp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8455",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-30T16:51:56.909491Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-30T16:54:36.168Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GS-4210-24PL4C hardware 2.0",
              "vendor": "PLANET Technology",
              "versions": [
                {
                  "lessThan": "2.305b240719",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GS-4210-24P2S hardware 3.0",
              "vendor": "PLANET Technology",
              "versions": [
                {
                  "lessThan": "3.305b240802",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "IGS-5225-4UP1T2S hardware 1.0",
              "vendor": "PLANET Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            }
          ],
          "datePublic": "2024-09-30T07:24:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords."
                }
              ],
              "value": "The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-97",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-97 Cryptanalysis"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-261",
                  "description": "CWE-261 Weak Encoding for Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-30T07:25:13.087Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-8059-bde5f-1.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/en/cp-139-8060-f3955-2.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update firmware of GS-4210-24PL4C hardware 2.0 to version 2.305b240719 or later.\u003cbr\u003eUpdate firmware of GS-4210-24P2S hardware 3.0 to version 3.305b240802 or later.\u003cbr\u003eIGS-5225-4UP1T2S hardware 1.0 has reached End of Life (EOL). Replacement is recommended.\u003cbr\u003e"
                }
              ],
              "value": "Update firmware of GS-4210-24PL4C hardware 2.0 to version 2.305b240719 or later.\nUpdate firmware of GS-4210-24P2S hardware 3.0 to version 3.305b240802 or later.\nIGS-5225-4UP1T2S hardware 1.0 has reached End of Life (EOL). Replacement is recommended."
            }
          ],
          "source": {
            "advisory": "TVN-202409011",
            "discovery": "EXTERNAL"
          },
          "title": "PLANET Technology switch devices - Swctrl service exchanges weakly encoded passwords",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-8455",
        "datePublished": "2024-09-30T07:24:49.379Z",
        "dateReserved": "2024-09-05T02:53:08.080Z",
        "dateUpdated": "2024-09-30T16:54:36.168Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-8454 (GCVE-0-2024-8454)

    Vulnerability from cvelistv5 – Published: 2024-09-30 07:18 – Updated: 2024-09-30 16:59
    VLAI
    Title
    PLANET Technology switch devices - Swctrl service DoS attack
    Summary
    The swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service vulnerability in the swctrl service, allowing unauthenticated remote attackers to send crafted packets that can crash the service.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    PLANET Technology GS-4210-24PL4C hardware 2.0 Affected: 0 , < 2.305b240719 (custom)
    Create a notification for this product.
    PLANET Technology GS-4210-24P2S hardware 3.0 Affected: 0 , < 3.305b240802 (custom)
    Create a notification for this product.
    PLANET Technology IGS-5225-4UP1T2S hardware 1.0 Affected: 0
    Create a notification for this product.
    planet_technology_corp gs-4210-24pl4c_hardware_2.0 Affected: 0 , < 2.305b240719 (custom)
        cpe:2.3:a:planet_technology_corp:gs-4210-24pl4c_hardware_2.0:*:*:*:*:*:*:*:*
    Create a notification for this product.
    planet_technology_corp gs-4210-24pl4c_hardware_3.0 Affected: 0 , < 3.305b240802 (custom)
        cpe:2.3:a:planet_technology_corp:gs-4210-24pl4c_hardware_3.0:*:*:*:*:*:*:*:*
    Create a notification for this product.
    planet_technology_corp igs-5225-4up1t2s_hardware_1.0 Affected: 0
        cpe:2.3:a:planet_technology_corp:igs-5225-4up1t2s_hardware_1.0:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-09-30 07:13
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:planet_technology_corp:gs-4210-24pl4c_hardware_2.0:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gs-4210-24pl4c_hardware_2.0",
                "vendor": "planet_technology_corp",
                "versions": [
                  {
                    "lessThan": "2.305b240719",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:planet_technology_corp:gs-4210-24pl4c_hardware_3.0:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gs-4210-24pl4c_hardware_3.0",
                "vendor": "planet_technology_corp",
                "versions": [
                  {
                    "lessThan": "3.305b240802",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:planet_technology_corp:igs-5225-4up1t2s_hardware_1.0:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "igs-5225-4up1t2s_hardware_1.0",
                "vendor": "planet_technology_corp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8454",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-30T16:57:41.398680Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-30T16:59:40.972Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GS-4210-24PL4C hardware 2.0",
              "vendor": "PLANET Technology",
              "versions": [
                {
                  "lessThan": "2.305b240719",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GS-4210-24P2S hardware 3.0",
              "vendor": "PLANET Technology",
              "versions": [
                {
                  "lessThan": "3.305b240802",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "IGS-5225-4UP1T2S hardware 1.0",
              "vendor": "PLANET Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            }
          ],
          "datePublic": "2024-09-30T07:13:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service vulnerability in the swctrl service, allowing unauthenticated remote attackers to send crafted packets that can crash the service.\u003c/span\u003e"
                }
              ],
              "value": "The swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service vulnerability in the swctrl service, allowing unauthenticated remote attackers to send crafted packets that can crash the service."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-227",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-227 Sustained Client Engagement"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-30T07:18:30.271Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-8057-1b3fa-1.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/en/cp-139-8058-cc391-2.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update firmware of GS-4210-24PL4C hardware 2.0 to version 2.305b240719 or later.\u003cbr\u003eUpdate firmware of GS-4210-24P2S hardware 3.0 to version 3.305b240802 or later.\u003cbr\u003eIGS-5225-4UP1T2S hardware 1.0 has reached End of Life (EOL). Replacement is recommended.\u003cbr\u003e"
                }
              ],
              "value": "Update firmware of GS-4210-24PL4C hardware 2.0 to version 2.305b240719 or later.\nUpdate firmware of GS-4210-24P2S hardware 3.0 to version 3.305b240802 or later.\nIGS-5225-4UP1T2S hardware 1.0 has reached End of Life (EOL). Replacement is recommended."
            }
          ],
          "source": {
            "advisory": "TVN-202409010",
            "discovery": "EXTERNAL"
          },
          "title": "PLANET Technology switch devices - Swctrl service DoS attack",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-8454",
        "datePublished": "2024-09-30T07:18:30.271Z",
        "dateReserved": "2024-09-05T02:53:07.051Z",
        "dateUpdated": "2024-09-30T16:59:40.972Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }