BRIDGE:BREAK Flaws Put Thousands of Serial to IP Devices at Risk

Incident | Closed | Apr 20, 2026 — Apr 21, 2026

Researchers have disclosed a collection of flaws dubbed BRIDGE:BREAK that affect Lantronix and Silex serial‑to‑IP converters, leaving thousands of industrial and healthcare devices open to remote code execution and data tampering. The vulnerabilities could allow attackers to hijack the converters, alter sensor readings and move laterally inside operational technology networks. No patches were publicly available at the time of disclosure.

CVE-2026-32955 carries a CVSS score of 8.8 and describes a stack‑based buffer overflow when the devices parse malicious redirect URLs in the Silex SD‑330AC and AMC Manager. CVE-2026-32956, rated 9.8 CVSS, is a heap‑based overflow in the same URL handling code. Both flaws can be triggered over the network with low privileges and without any user interaction.

CVE-2026-32961 scores 6.9 CVSS and stems from a missing authentication check on a firmware maintenance function, enabling unauthenticated actors to modify device firmware. In total, eight weaknesses were found in Lantronix EDS3000PS and EDS5000 series, while fourteen affect the Silex SD‑330AC, covering OS command injection, denial‑of‑service and information disclosure.

Although no threat actors have been observed exploiting these bugs in the wild, researchers warn that extortion groups or state‑sponsored groups could weaponise them to disrupt critical processes such as infusion pump calibration or environmental telemetry. The details are published in the Silex security advisory and have been reported by outlets including The Hacker News and SecurityWeek.

Administrators should verify the firmware versions of all affected Lantronix EDS and Silex SD‑330AC units and apply the latest patches released by the vendors. Network segmentation is advised, placing serial‑to‑IP converters behind firewalls and restricting access to trusted management hosts.

Monitoring for anomalous traffic, such as unexpected POST requests to configuration interfaces, can help detect exploitation attempts. Until patches are applied, disabling unused services, changing default credentials and deploying intrusion‑detection signatures for the specific CVE vectors are prudent steps to reduce risk.
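The monitoring and segmentation advice above can be checked against firewall or proxy logs. The following is an added example, not code from the vendors or the researchers: it flags requests that reach a converter from outside the trusted management hosts and ranks write requests (such as POST) higher. The addresses, request paths and log format are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumptions (constructed for this example): converter addresses, the trusted
# management subnet, and a space-separated log format
# "<time> <src> <dst> <method> <path> <status>" from a firewall or proxy.
CONVERTERS = {ipaddress.ip_address(a) for a in ("10.20.0.11", "10.20.0.12")}
TRUSTED_MGMT = [ipaddress.ip_network("10.20.9.0/28")]
WRITE_METHODS = {"POST", "PUT", "DELETE"}

SAMPLE_LOG = """\
2026-04-20T08:01:02Z 10.20.9.5 10.20.0.11 GET /status 200
2026-04-20T08:01:09Z 10.20.9.5 10.20.0.11 POST /config 200
2026-04-20T08:14:40Z 10.30.4.77 10.20.0.11 GET /status 200
2026-04-20T08:14:41Z 10.30.4.77 10.20.0.11 POST /config 200
2026-04-20T08:14:43Z 10.30.4.77 10.20.0.12 POST /config 401
2026-04-20T08:15:00Z 10.30.4.77 10.40.0.5 POST /login 200
malformed line
"""

def is_trusted(src):
    return any(src in net for net in TRUSTED_MGMT)

def find_alerts(log_text):
    """Return (severity, src, dst, method, path) for suspicious requests."""
    alerts = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip lines that do not match the assumed format
        _, src, dst, method, path, _ = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue
        if dst_ip not in CONVERTERS or is_trusted(src_ip):
            continue  # not a converter, or an expected management host
        # Any reach from outside the management subnet is a segmentation gap;
        # a write request is the higher-priority signal, whatever the status.
        severity = "high" if method.upper() in WRITE_METHODS else "medium"
        alerts.append((severity, src, dst, method, path))
    return alerts

def sources_by_write_count(alerts):
    """Count high-severity (write) alerts per source address."""
    return Counter(a[1] for a in alerts if a[0] == "high")

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(*alert)
```

A rejected request (the 401 in the sample) is still reported, since it shows an untrusted host can reach the management interface at all.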

CVE-2026-32956: CVSS 9.8
CVE-2026-32955: CVSS 8.8
CVE-2026-32961: CVSS 6.9

Root source: www.silex.jp