22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters
TL;DR
Cybersecurity researchers have uncovered 22 vulnerabilities, collectively dubbed BRIDGE:BREAK, affecting Lantronix and Silex serial-to-IP converters. These flaws expose nearly 20,000 devices globally to hijacking, data tampering, and remote code execution. Patches have been released, and organizations are urged to secure these critical "bridge" devices immediately.
Introduction
The bridge between legacy industrial equipment and modern IP networks is under threat. Cybersecurity researchers at Forescout Research Vedere Labs have identified a collection of 22 security flaws, codenamed BRIDGE:BREAK, in popular serial-to-IP converters manufactured by Lantronix and Silex.
These converters play a mission-critical role in industrial environments, allowing administrators to remotely manage legacy serial devices—such as sensors and industrial control systems (ICS)—over TCP/IP or the internet. However, Forescout’s research reveals that nearly 20,000 of these devices are currently exposed online, providing a massive attack surface for threat actors.
Devices Under Attack
The vulnerabilities are concentrated in specific models widely used across various industries:
- Lantronix: Eight security flaws were discovered across the EDS3000PS and EDS5000 series.
- Silex: Fourteen security flaws were identified in the SD330-AC model.
Understanding the Risks: BRIDGE:BREAK Exploit Categories
Successful exploitation of these vulnerabilities could grant an attacker full control over the converter, allowing them to manipulate the serial communications between field assets and the IP network.
The 22 flaws fall into several high-risk categories:
- Remote Code Execution (RCE): The most severe category, allowing attackers to run malicious commands. Relevant CVEs include CVE-2026-32955, CVE-2026-32956, CVE-2026-32961, and others (CVE-2025-67041, 67034-67038).
- Device Takeover: Attackers can seize total control of the hardware (FSCT-2025-0021, CVE-2026-32965, CVE-2025-70082).
- Authentication Bypass: Allowing unauthorized users to gain entry without valid credentials (CVE-2026-32960, CVE-2025-67039).
- Data and Firmware Tampering: Attackers can modify device configurations (CVE-2026-32962/4) or even tamper with the device firmware itself (CVE-2026-32958).
- Denial-of-Service (DoS): Disrupting the availability of communications (CVE-2026-32961, CVE-2015-5621, CVE-2024-24487).
- Other Vulnerabilities: These include arbitrary file upload (CVE-2026-32957), information disclosure (CVE-2026-32959), and client-side code execution (CVE-2026-32963).
Impact on Industrial Operations
The real-world consequences of these flaws are significant. If an attacker compromises a serial-to-IP converter, they can:
- Tamper with Sensor Values: Feeding false data to monitoring systems.
- Modify Actuator Behavior: Changing the physical actions of machinery.
- Move Laterally: Using the converter as a "jumping-off point" to infiltrate other areas of the industrial network.
In a typical attack scenario, a threat actor might find an entry point through an internet-exposed industrial router or firewall and then use the BRIDGE:BREAK flaws to pivot into the serial network, bypassing traditional security layers.
Mitigation and Recommendations
Both Lantronix and Silex have released security updates to address the BRIDGE:BREAK vulnerabilities. Organizations utilizing these models should prioritize the following actions:
- Apply Patches: Update Lantronix EDS3000PS/EDS5000 and Silex SD330-AC devices to the latest firmware versions immediately.
- Restrict Internet Exposure: Ensure that serial-to-IP converters are not reachable via the public internet.
- Network Segmentation: Use VLANs and firewalls to isolate these devices from other critical parts of the network.
- Credential Hygiene: Replace all default passwords with strong, unique credentials.
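The four actions above can be checked against an asset inventory. The script below is an added example, not code from Forescout or either vendor; the CSV columns, host names, VLAN id and the `patched` flag are assumptions, and the inventory is constructed sample data.

```python
import csv
import io
import ipaddress

# Model families the article names as affected (prefix match is an assumption
# about how an inventory spells series members).
AFFECTED = {"Lantronix": ("EDS3000PS", "EDS5000"), "Silex": ("SD330-AC",)}
# RFC 1918 ranges. A private address can still be reachable through a port
# forward, so confirm exposure findings with an external scan as well.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample inventory; hosts, columns and VLAN ids are hypothetical.
SAMPLE_INVENTORY = """\
host,vendor,model,mgmt_ip,vlan,default_creds,patched
conv-01,Lantronix,EDS3000PS,10.20.5.11,120,no,yes
conv-02,Lantronix,EDS5000,203.0.113.45,120,no,no
conv-03,Silex,SD330-AC,192.168.1.50,1,yes,no
term-01,ExampleCo,TS-100,203.0.113.46,1,yes,no
"""


def triage(inventory_csv, converter_vlans=frozenset({"120"})):
    """Return {host: [findings]} for every converter in an affected family."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        families = AFFECTED.get(row["vendor"], ())
        if not row["model"].upper().startswith(families):
            continue  # not one of the models covered by BRIDGE:BREAK
        issues = []
        if row["patched"] != "yes":
            issues.append("firmware: vendor security update not applied")
        ip = ipaddress.ip_address(row["mgmt_ip"])
        if not any(ip in net for net in INTERNAL_NETS):
            issues.append("exposure: management address is not internal")
        if row["vlan"] not in converter_vlans:
            issues.append("segmentation: outside the dedicated converter VLAN")
        if row["default_creds"] == "yes":
            issues.append("credentials: default password still set")
        results[row["host"]] = issues
    return results


if __name__ == "__main__":
    for host, issues in triage(SAMPLE_INVENTORY).items():
        print(host, "OK" if not issues else "; ".join(issues))
```

An empty finding list means the device passed all four checks; it does not replace verifying the installed firmware version against the vendor's advisory.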
Conclusion
As legacy systems are increasingly brought online to meet the demands of modern data management, serial-to-IP converters have become essential. However, as Forescout’s research demonstrates, these "bridges" are often the weakest link in the chain. Cybersecurity for these devices must be treated as a core operational requirement to prevent catastrophic disruptions in mission-critical environments.


