Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged by them.
The vulnerabilities have been collectively codenamed BRIDGE:BREAK by Forescout Research Vedere Labs, which identified nearly 20,000 Serial-to-Ethernet converters exposed online globally.
“Some of these vulnerabilities allow attackers to take full control of mission-critical devices connected via serial links,” the cybersecurity company said in a report shared with The Hacker News.
Serial-to-IP converters are hardware devices that enable users to remotely access, control, and manage any serial device over an IP network or the internet by “bridging” legacy applications and industrial control systems (ICS) that operate over TCP/IP.
At a high level, as many as eight security flaws have been discovered in Lantronix products (EDS3000PS Series and EDS5000 Series) and 14 in Silex SD330-AC. These shortcomings fall under the following broad categories –
- Remote code execution – CVE-2026-32955, CVE-2026-32956, CVE-2026-32961, CVE-2025-67041, CVE-2025-67034, CVE-2025-67035, CVE-2025-67036, CVE-2025-67037, and CVE-2025-67038
- Client-side code execution – CVE-2026-32963
- Denial-of-service (DoS) – CVE-2026-32961, CVE-2015-5621, CVE-2024-24487
- Authentication bypass – CVE-2026-32960, CVE-2025-67039
- Device takeover – FSCT-2025-0021 (no CVE assigned), CVE-2026-32965, CVE-2025-70082
- Firmware tampering – CVE-2026-32958
- Configuration tampering – CVE-2026-32962, CVE-2026-32964
- Information disclosure – CVE-2026-32959
- Arbitrary file upload – CVE-2026-32957
Successful exploitation of the aforementioned flaws could allow attackers to disrupt serial communications with field assets, conduct lateral movement, and tamper with sensor values or modify actuator behavior.
In a hypothetical attack scenario, a threat actor could gain initial access to a remote facility through an internet-exposed edge device, such as an industrial router or firewall, and then weaponize BRIDGE:BREAK vulnerabilities to compromise the serial-to-IP converter, and alter serial data moving to or from the IP network.
Lantronix and Silex have released security updates to address the identified issues –
Besides applying patches, users are advised to replace default credentials, avoid using weak passwords, segment networks to prevent bad actors from reaching vulnerable serial-to-IP converters or using them as jumping-off points to other critical assets, and ensure the devices are not exposed to the internet.
“This research highlights weaknesses in serial-to-IP converters and the risks they can introduce in critical environments,” Forescout said. “As these devices are increasingly deployed to connect legacy serial equipment to IP networks, vendors and end-users should treat their security implications as a core operational requirement.”
