BRIDGE:BREAK Vulnerabilities Expose Thousands of Serial-to-IP Converters to Hijack and Data Manipulation Risks

Cybersecurity researchers have uncovered 22 critical vulnerabilities in widely used serial-to-IP converters manufactured by Lantronix and Silex. These flaws, collectively termed BRIDGE:BREAK, could allow attackers to hijack vulnerable devices and manipulate the data they transmit. Forescout Research Vedere Labs identified nearly 20,000 such converters exposed online globally.

Serial-to-IP converters are essential hardware devices that enable remote access, control, and management of serial devices over IP networks or the internet. They serve as bridges between legacy applications and industrial control systems (ICS) operating over TCP/IP.

The identified vulnerabilities are distributed across products from both manufacturers:

– Lantronix Products:
  – EDS3000PS Series
  – EDS5000 Series

– Silex Product:
  – SD330-AC

The vulnerabilities fall into several categories:

– Remote Code Execution: CVE-2026-32955, CVE-2026-32956, CVE-2026-32961, CVE-2025-67041, CVE-2025-67034, CVE-2025-67035, CVE-2025-67036, CVE-2025-67037, and CVE-2025-67038

– Client-Side Code Execution: CVE-2026-32963

– Denial-of-Service (DoS): CVE-2026-32961, CVE-2015-5621, CVE-2024-24487

– Authentication Bypass: CVE-2026-32960, CVE-2025-67039

– Device Takeover: FSCT-2025-0021 (no CVE assigned), CVE-2026-32965, CVE-2025-70082

– Firmware Tampering: CVE-2026-32958

– Configuration Tampering: CVE-2026-32962, CVE-2026-32964

– Information Disclosure: CVE-2026-32959

– Arbitrary File Upload: CVE-2026-32957

Exploitation of these vulnerabilities could enable attackers to disrupt serial communications with field assets, move laterally within networks, and alter sensor readings or actuator behaviors.

In a potential attack scenario, a threat actor might gain initial access to a remote facility via an internet-exposed edge device, such as an industrial router or firewall. They could then exploit the BRIDGE:BREAK vulnerabilities to compromise the serial-to-IP converter, allowing them to manipulate serial data traversing the IP network.

Both Lantronix and Silex have released security updates to address these issues:

– Lantronix:
  – EDS3000PS Series
  – EDS5000 Series

– Silex:
  – SD330-AC

Users are strongly advised to apply these patches promptly. Additional recommended security measures include:

– Replacing Default Credentials: Change default usernames and passwords to unique, strong combinations.

– Avoiding Weak Passwords: Implement complex passwords to enhance security.

– Network Segmentation: Isolate serial-to-IP converters from other critical assets to prevent unauthorized access.

– Restricting Internet Exposure: Ensure these devices are not accessible directly from the internet.

This research underscores the vulnerabilities inherent in serial-to-IP converters and the potential risks they pose in critical environments. As these devices become more prevalent in connecting legacy serial equipment to IP networks, it’s imperative for vendors and end-users to prioritize their security as a fundamental operational requirement.