Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex. These vulnerabilities could be exploited to hijack a susceptible device and alter data exchanged by the device.
Forescout Research Vedere Labs has identified approximately 20,000 serial-to-Ethernet converters with the vulnerabilities, collectively codenamed BRIDGE:BREAK, exposed online worldwide.
“Some of these vulnerabilities could allow attackers to gain complete control over mission-critical devices connected via serial links,” the cybersecurity firm said in a report shared with The Hacker News.
A serial-to-IP converter is a hardware device that allows users to remotely access, control, and manage any serial device over an IP network or the Internet by “bridging” legacy applications running on TCP/IP with industrial control systems (ICS).
Broadly speaking, 8 security flaws were discovered in Lantronix products (EDS3000PS series and EDS5000 series) and as many as 14 in Silex SD330-AC. These drawbacks fall into the following broad categories:
Remote code execution – CVE-2026-32955, CVE-2026-32956, CVE-2026-32961, CVE-2025-67041, CVE-2025 -67034, CVE-2025-67035, CVE-2025-67036, CVE-2025-67037, and CVE-2025-67038 Client-side Code Execution – CVE-2026-32963 Denial of Service (DoS) – CVE-2026-32961, CVE-2015-5621, CVE-2024-24487 Authentication Bypass – CVE-2026-32960, CVE-2025-67039 Device Takeover – FSCT-2025-0021 (CVE (No assignment), CVE-2026-32965, CVE-2025-70082 Firmware tampering – CVE-2026-32958 Configuration tampering – CVE-2026-32962, CVE-2026-32964 Information leakage – CVE-2026-32959 Arbitrary file upload – CVE-2026-32957
Successful exploitation of the aforementioned flaws could allow an attacker to disrupt serial communications with field assets, perform lateral movement, tamper with sensor values, or alter actuator behavior.
In a hypothetical attack scenario, an attacker could gain initial access to a remote facility through an Internet-exposed edge device, such as an industrial router or firewall, and weaponize the BRIDGE:BREAK vulnerability to compromise the serial-to-IP converter and alter serial data sent to and from the IP network.
Lantronix and Silex have released security updates to address identified issues –
In addition to patching, users are encouraged to replace default credentials, avoid using weak passwords, segment networks to prevent attackers from reaching vulnerable serial-to-IP converters or using them as transit points to other critical assets, and prevent devices from being exposed to the Internet.
“This research highlights weaknesses in serial-to-IP converters and the risks they can pose to critical environments,” Forescout said. “As these devices are increasingly deployed to connect traditional serial equipment to IP networks, vendors and end users must treat security implications as a core operational requirement.”
Source link
