Overview
- Forescout's BRIDGE:BREAK research details 22 previously unknown weaknesses in Lantronix and Silex serial-to-IP converters that link legacy equipment to IP networks.
- The study identified nearly 20,000 of these converters reachable on the public internet, which widens the paths attackers could use to reach operational systems.
- The flaws include remote code execution, authentication bypass, firmware tampering, denial of service, and information leaks in Lantronix EDS3000PS and EDS5000 and Silex SD330-AC models.
- Exploitation could let intruders take over devices, alter sensor readings or commands in transit, and move through networks to disrupt industrial or clinical processes.
- Lantronix and Silex released security updates, and experts advise patching, removing default logins, keeping devices off the internet, segmenting networks, and monitoring for unusual data flows.