Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

CSBadmin

Forescout discovered 20 vulnerabilities (BRIDGE:BREAK) in serial-to-IP converters from Silex and Lantronix that enable remote code execution and device takeover in critical infrastructure.

Serial-to-IP converters, hardware devices that bridge legacy serial equipment to modern Ethernet/IP networks, are affected by potentially serious vulnerabilities that can expose operational technology, healthcare, and other critical systems to remote attacks. Forescout Technologies researchers discovered 20 new vulnerabilities across Silex and Lantronix devices, collectively tracked as BRIDGE:BREAK, including weaknesses that can be exploited without authentication.

The vulnerabilities enable OS command injection and remote code execution, firmware tampering, denial-of-service attacks, and device takeovers. Some flaws allow attackers to upload arbitrary files, bypass authentication, and obtain information. Nearly 20,000 internet-exposed systems were found via Shodan, and researchers demonstrated real-world scenarios where attackers could tamper with sensor readings in industrial and healthcare environments, concealing dangerous conditions that would normally require human intervention.

In a healthcare scenario, an extortion group or state-sponsored actor could deliver malicious firmware that causes serial-to-IP converters to stop responding. Potential impacts include analyzers stopping report transmission, surgical lighting controllers becoming unresponsive, infusion pump calibration workflows being halted, and patient monitors losing network connectivity. These devices are used across industrial, telecom, retail, healthcare, energy, and transportation sectors by major vendors including Moxa, Digi, Advantech, Perle, Lantronix, and Silex.

Lantronix and Silex have both released patches. CISA published an advisory describing the Lantronix vulnerabilities. Organizations should not ignore the risks posed by these devices, which were targeted by Russian hackers in the 2015 Ukraine energy attack and more recently in attacks on Polish energy facilities.


Source: SecurityWeek — Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacki
