CVE-2025-9972: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Planet Technology ICG-2510WG-LTE (EU/US)
Certain models of Industrial Cellular Gateway developed by Planet Technology have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the device.
AI Analysis
Technical Summary
CVE-2025-9972 is a critical OS Command Injection vulnerability identified in the Planet Technology Industrial Cellular Gateway model ICG-2510WG-LTE, specifically versions marked as 0 (likely initial or early firmware versions). This vulnerability stems from improper neutralization of special elements used in OS commands (CWE-78), allowing unauthenticated remote attackers to inject arbitrary operating system commands. Because the vulnerability requires no authentication (AV:N/AC:L/AT:N/PR:N/UI:N), an attacker can exploit it remotely without any credentials or user interaction. The CVSS 4.0 base score of 9.3 reflects the high impact on confidentiality, integrity, and availability, with high exploitability and scope confined to the vulnerable device. Exploitation could lead to full system compromise, enabling attackers to execute arbitrary commands, potentially leading to device takeover, data exfiltration, network pivoting, or disruption of industrial communications. The device is an industrial cellular gateway used to connect industrial equipment to cellular networks, often deployed in critical infrastructure and industrial control systems. The lack of available patches at the time of publication increases the urgency for mitigation. No known exploits are reported in the wild yet, but the ease of exploitation and critical impact make this a severe threat.
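The advisory does not disclose which parameter or endpoint is affected, so the following C program is an added illustration of the CWE-78 pattern it describes, not the ICG-2510WG-LTE firmware or any code from Planet Technology. The diagnostic "ping a host" handler, the function names and the hostname allowlist are assumptions; the program contrasts the vulnerable habit (pasting a request parameter into a shell command line) with the hardened form a fix should take (validate against an allowlist, then run the program through an argv array with no shell involved).

```c
/* Added example: generic CWE-78 (OS command injection) pattern and its hardened form.
 * Hypothetical code, not the gateway's firmware. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

#define HOST_MAX 253

/* VULNERABLE PATTERN: an untrusted request parameter is formatted straight into
 * a command line that would then be passed to system()/popen(). Only the string is
 * built here, never executed, so the reader can see that an input such as
 * "8.8.8.8; id" yields two shell commands instead of one ping argument. */
int build_ping_command_vulnerable(const char *host, char *out, size_t out_len) {
    int n = snprintf(out, out_len, "ping -c 1 %s", host);
    return (n >= 0 && (size_t)n < out_len) ? 0 : -1;
}

/* HARDENED STEP 1: strict allowlist for a hostname/IPv4 field.
 * Accepts only [A-Za-z0-9.-], labels of 1..63 characters separated by single dots,
 * no leading/trailing '-' or '.'. Rejecting a leading '-' also blocks option
 * injection (e.g. "-f"). Returns 1 if valid, 0 otherwise. */
int is_valid_hostname(const char *host) {
    size_t len = strlen(host);
    if (len == 0 || len > HOST_MAX) return 0;
    if (host[0] == '-' || host[0] == '.' ||
        host[len - 1] == '-' || host[len - 1] == '.') return 0;

    int label_len = 0;
    for (size_t i = 0; i < len; i++) {
        char c = host[i];
        int alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                    (c >= '0' && c <= '9');
        if (c == '.') {
            if (label_len == 0) return 0;      /* empty label, e.g. "a..b" */
            label_len = 0;
        } else if (alnum || c == '-') {
            if (++label_len > 63) return 0;
        } else {
            return 0;                          /* ';', '$', '`', space, ... */
        }
    }
    return 1;
}

/* HARDENED STEP 2: run the program with an argv array via fork/execvp.
 * No shell parses the argument, so metacharacters have no special meaning.
 * Returns the child's exit status, or -1 on invalid input or process failure. */
int run_ping_safe(const char *host) {
    if (!is_valid_hostname(host)) return -1;   /* reject before spawning anything */

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = {"ping", "-c", "1", (char *)host, NULL};
        execvp("ping", argv);
        _exit(127);                            /* only reached if exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    char cmd[128];
    const char *hostile = "8.8.8.8; id";       /* constructed sample input */

    build_ping_command_vulnerable(hostile, cmd, sizeof cmd);
    printf("vulnerable handler would run: %s\n", cmd);
    printf("hardened handler result for the same input: %d (rejected)\n",
           run_ping_safe(hostile));
    return 0;
}
```

The allowlist check is the part worth copying into any request handler that feeds a parameter to a program; execvp without a shell is the part that makes the class of bug impossible even if the allowlist has a gap.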
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially those relying on Planet Technology's ICG-2510WG-LTE gateways for industrial IoT, manufacturing automation, or critical infrastructure connectivity. Successful exploitation could lead to unauthorized control over industrial gateways, resulting in disruption of industrial processes, data breaches, or lateral movement within operational technology (OT) networks. This could impact sectors such as manufacturing, energy, transportation, and utilities, where cellular gateways are used to bridge remote equipment to central control systems. The compromise of these gateways could degrade operational availability, cause safety hazards, or lead to financial and reputational damage. Given the critical nature of industrial infrastructure in Europe and increasing reliance on cellular IoT connectivity, the threat is particularly concerning. The absence of authentication and user interaction requirements means attackers can launch automated attacks at scale, increasing the risk of widespread impact.
Mitigation Recommendations
Immediate mitigation steps include isolating affected devices from untrusted networks and restricting remote access to management interfaces. Network segmentation should be enforced to limit exposure of the gateway devices. Organizations should monitor network traffic for unusual command execution patterns or unexpected outbound connections from these devices. Since no patches are currently available, consider deploying virtual patching via intrusion prevention systems (IPS) that can detect and block command injection attempts targeting known vulnerable parameters or endpoints. Engage with Planet Technology for firmware updates or security advisories and plan for rapid deployment once patches are released. Additionally, implement strict access control policies and multi-factor authentication on management interfaces where possible to reduce attack surface. Conduct thorough asset inventories to identify all deployed ICG-2510WG-LTE devices and prioritize their protection. Finally, maintain up-to-date backups and incident response plans tailored to OT environments to minimize downtime in case of compromise.
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Belgium, Poland, Spain, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: twcert
- Date Reserved: 2025-09-04T07:06:17.436Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68ca8d1320342ce327dbd2eb
Added to database: 9/17/2025, 10:27:31 AM
Last enriched: 9/25/2025, 12:28:18 AM
Last updated: 12/16/2025, 8:39:13 PM