RESEARCHERS from Forescout Research Vedere Labs found 22 BRIDGE:BREAK flaws in Lantronix and Silex Technology serial-to-IP converters, exposing around 20,000 devices to hijacking and data tampering. Serial-to-IP converters connect legacy serial equipment to IP networks and are widely used across energy, industry, retail, and healthcare sectors, enabling remote monitoring and control.
The vulnerabilities include remote code execution, authentication bypass, firmware tampering, and data exposure, with up to eight flaws in Lantronix devices (EDS3000PS and EDS5000 series) and 14 in Silex Technology SD330-AC. Attackers could shut down communications, move laterally within industrial networks, or manipulate data in transit, potentially altering sensor readings or commands and affecting industrial processes, energy systems, or patient monitors.
To mitigate risk, vendors and organisations are urged to patch vulnerable devices, replace default credentials, keep converters off the internet, and enforce strong access controls and network segmentation; monitoring for exploitation attempts is essential. According to Forescout's report, this research highlights weaknesses in serial-to-IP converters and the risks they pose in critical environments.