Recent research has unveiled critical vulnerabilities in serial-to-IP converters, potentially compromising operational technology (OT) and healthcare systems. These devices, essential for connecting legacy serial equipment with modern networks, are now at risk of being exploited by cyber attackers.
Role and Risks of Serial-to-IP Converters
Serial-to-IP converters, or serial device servers, facilitate communication between outdated industrial control systems (ICS) and Ethernet/IP networks. Despite the utility of these devices, a study by Forescout Technologies has exposed multiple vulnerabilities in them that malicious actors could exploit.
These converters are extensively used across various sectors, including industrial, telecoms, healthcare, and transportation. Prominent manufacturers such as Moxa, Digi, and Advantech have deployed millions of these devices globally, with nearly 20,000 systems accessible via the internet, according to a Shodan search.
Details of the Discovered Vulnerabilities
Forescout’s investigation targeted devices from notable vendors like Silex and Lantronix, uncovering 20 new vulnerabilities. These weaknesses, collectively identified as BRIDGE:BREAK, include OS command injection, remote code execution, and device takeover.
Attackers can leverage these flaws to manipulate data, bypass authentication, and conduct denial-of-service (DoS) attacks. Such exploits could severely disrupt critical operations, particularly in healthcare, where systems might fail to report accurate data.
Implications and Mitigation Efforts
The potential impacts of these security flaws are significant. Forescout demonstrated scenarios where attackers could disrupt healthcare operations by altering sensor data or causing devices to become unresponsive. These actions could lead to severe delays and safety risks in critical environments.
Both Lantronix and Silex have responded by releasing patches for their affected products. Additionally, the Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory detailing the vulnerabilities and recommended mitigation strategies.
Conclusion and Future Outlook
Organizations must address the vulnerabilities in serial-to-IP converters to safeguard against potential attacks. These devices have been exploited in past incidents, such as the 2015 Ukraine energy attack and more recent threats in Poland. Vigilance and timely updates are crucial to protecting critical infrastructure from these emerging cyber threats.
