Cybersecurity experts have recently uncovered 22 vulnerabilities in widely used serial-to-IP converters from Lantronix and Silex. These flaws, identified by Forescout Research Vedere Labs, could be exploited by attackers to take control of affected devices and interfere with data transmission. The vulnerabilities have been collectively named BRIDGE:BREAK, and approximately 20,000 of these converters are currently accessible online worldwide.
Identifying the Security Threats
The affected devices, the Lantronix EDS3000PS and EDS5000 Series, along with the Silex SD330-AC, are vulnerable to a range of attacks. These include remote code execution, client-side code execution, denial-of-service, authentication bypass, device takeover, firmware tampering, configuration tampering, information disclosure, and arbitrary file upload. Such vulnerabilities can enable adversaries to gain full control over critical devices linked via serial connections.
Serial-to-IP converters allow serial devices to be managed remotely over IP networks. They act as a bridge between older systems and modern TCP/IP networks, which makes their security paramount for industrial operations.
Technical Details of the Vulnerabilities
In total, eight vulnerabilities have been detected in Lantronix products and 14 in Silex devices. Among them are severe issues like remote code execution (CVE-2026-32955, CVE-2026-32956) and device takeover (CVE-2026-32965). Additionally, flaws such as denial-of-service (CVE-2026-32961) and authentication bypass (CVE-2026-32960) pose significant risks.
Exploiting these vulnerabilities could allow attackers to disrupt communication with field assets, alter sensor data, or even manipulate actuator operations. A potential attack scenario might involve a cybercriminal accessing a remote facility through an exposed edge device, leveraging these flaws to compromise the serial-to-IP converter.
Preventive Measures and Vendor Responses
In response to these findings, Lantronix and Silex have issued security updates to mitigate the risks. Users are strongly advised to implement these patches, change default credentials, and avoid weak passwords. Network segmentation is recommended to prevent unauthorized access to these devices and to ensure they are not exposed to the internet.
Forescout emphasizes the importance of addressing these security gaps in serial-to-IP converters to safeguard critical environments. As these devices become more prevalent in connecting legacy equipment to IP networks, both manufacturers and users must prioritize their security as a fundamental operational requirement.
Ultimately, the discovery of these vulnerabilities underscores the necessity for rigorous security protocols in industrial settings, where the integrity of data and system operations is vital.
