www.darkreading.com 4/20/2026, 7:41:41 PM · via preferred

Critical RCE flaws hit Lantronix, Silex serial IP converters

CyberSIXT Evidence Panel
CISA KEV: Not in KEV
Patch: Status Unknown

Researchers have identified 20 new vulnerabilities in popular models of serial-to-IP converters, devices that sit at the heart of modern industrial networks, and found thousands of known vulnerabilities in the same devices’ software stacks.

The study, presented at Black Hat Asia 2026 by researchers from Forescout, focused on three models from Lantronix and Silex, namely Lantronix’s EDS3000PS and EDS5000PS, and Silex’s SD330-AC, uncovering eight previously undisclosed bugs in the Lantronix models and twelve in the Silex.

Some flaws were severe. The EDS5000PS contained five remote code execution vulnerabilities: two rated “critical” with a CVSS score of 9.8, and three more of high severity that require authentication to exploit. The EDS3000PS also carried a 9.8 CVSS flaw, CVE-2025-70082, which enables password changes from the web interface without the old password.

Across the entire study, it was estimated that there may be more than 10 million serial device servers in existence, with a couple of tens of thousands exposed on the open Web. Forescout found that firmware images were riddled with an average of 212 known OSS vulnerabilities per device, and the kernels averaged 2,255 bugs. Around 68% of issues were rated low- or medium-severity and 29% high-severity, with 63 bugs deemed outright critical. On average, devices faced 89 publicly available exploits.

The researchers emphasised that patching is difficult in always-on industrial environments, and suggested binary hardening techniques like ASLR could help, though such hardening is not applied consistently across these devices.

Article by CyberSIXT
