Critical BRIDGE:BREAK flaws impact Lantronix and Silex Technology converters
2026-4-22 13:29:22 Author: securityaffairs.com

22 BRIDGE:BREAK flaws hit Lantronix and Silex Technology converters, exposing approximately 20,000 devices to hijacking and data tampering.

Researchers at Forescout Research Vedere Labs found 22 BRIDGE:BREAK flaws in serial-to-IP devices from Lantronix and Silex Technology.

Serial-to-IP converters, also known as serial device servers, connect legacy serial equipment to modern IP networks for remote monitoring and control. They are widely used in sectors like energy (RTUs, relays), industry (PLCs), retail (POS systems), and healthcare (patient monitors). These devices allow organizations to integrate older hardware into TCP/IP networks without replacing existing systems, improving connectivity while extending equipment lifespan.

The experts warn that around 20,000 devices sit exposed online. Attackers can take control of these converters and manipulate the data they transmit, creating serious risks for industrial and enterprise environments.

“We discovered 22 new vulnerabilities in hardware from device makers: Lantronix and Silex.” reads the report published by Forescout. “Also known as ‘serial-to-IP’ and ‘serial device servers’, these innocuous ‘bridge’ devices are exploitable across critical infrastructure industries, including utilities, healthcare, manufacturing, retail, financial services, transportation, and more.”

“Some of these vulnerabilities allow attackers to take full control of mission-critical devices connected via serial links.” added the company.

Researchers analyzed firmware from major serial-to-IP vendors and found widespread security issues. Each device included dozens of software components, thousands of known vulnerabilities, and many existing exploits. A deeper review uncovered 22 new flaws in Lantronix and Silex Technology products, including remote code execution, authentication bypass, firmware tampering, and data exposure.

Researchers identified up to eight vulnerabilities in Lantronix devices (EDS3000PS and EDS5000 series) and 14 in Silex Technology SD330-AC. Below is the list of the flaws:

Attackers could use these weaknesses to shut down communications (DoS), move laterally across industrial networks, or manipulate data in transit. This means they could alter sensor readings or change commands sent to machines, impacting industrial processes, energy systems, or even healthcare devices.

In power grids, devices such as protection relays track voltage and can trigger breakers via SCADA systems, while factories connect CNC machines for centralized control. These setups often rely on serial-to-IP converters.

A typical attack starts when an attacker gains access through exposed edge devices like VPNs or routers. They then exploit vulnerabilities in the converter (e.g., weak authentication or RCE) to take control. Once inside, they can manipulate data in transit—altering sensor readings or commands. For example, stable temperature data can be changed to extreme fluctuations.

Such manipulation can impact railway signaling, fire alarm systems, or fuel management, causing operational disruption or safety risks.

Both Lantronix and Silex addressed the identified vulnerabilities with the following releases:

To reduce risks, organizations should patch systems, replace default credentials, and enforce strong passwords. They should keep serial-to-IP converters off the internet, restrict access to trusted workstations, and segment networks using VLANs or dedicated subnets. Monitoring is key: teams must detect exploitation attempts and unusual data flows that may indicate tampering.
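One way to check the access-restriction and monitoring advice above against network flow records, as an added example that is not taken from the Forescout report or the original article. The converter and workstation addresses, the internal range, the ports and the log format are all constructed assumptions.

```python
import ipaddress

# Constructed site inventory (assumptions for this example only).
CONVERTERS = {"10.20.0.11", "10.20.0.12"}        # serial-to-IP converters
TRUSTED = {"10.20.5.10", "10.20.5.11"}           # workstations allowed to reach them
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]  # site address space

# Constructed flow records: time, source, destination, destination port, bytes.
SAMPLE_FLOWS = """\
2026-04-22T09:00:01 10.20.5.10 10.20.0.11 10001 5120
2026-04-22T09:03:40 10.30.7.99 10.20.0.11 80 840
2026-04-22T09:04:12 203.0.113.7 10.20.0.12 443 1200
2026-04-22T09:05:55 10.20.0.12 10.30.7.99 8080 90210
2026-04-22T09:06:00 10.20.5.11 10.20.9.50 445 300
malformed line
"""

def audit_flows(text, converters=CONVERTERS, trusted=TRUSTED):
    """Return (time, src, dst, port, reason) for flows that break the policy."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip records that do not match the expected layout
        ts, src, dst, dport, _nbytes = parts
        try:
            src_ip = ipaddress.ip_address(src)
            ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # skip records with unparsable addresses or ports
        if dst in converters:
            if not any(src_ip in net for net in INTERNAL):
                reason = "external-source"            # converter reachable from outside
            elif src not in trusted:
                reason = "untrusted-internal-source"  # not an approved workstation
            else:
                continue
        elif src in converters and dst not in trusted:
            reason = "converter-initiated"            # converter opening its own connection
        else:
            continue
        findings.append((ts, src, dst, port, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(*finding)
```

The "converter-initiated" rule assumes the converters only accept connections; deployments that run them in client mode need the expected peers added to the trusted set.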

Vendors should adopt secure-by-design practices and a strong SDLC, keep software updated, and track all firmware components. They should harden binaries, test security regularly, and use robust encryption and signing methods. Using modern Linux versions and notifying customers about exposed devices can further reduce risks and improve overall security.

“This research highlights weaknesses in serial-to-IP converters and the risks they can introduce in critical environments. As these devices are increasingly deployed to connect legacy serial equipment to IP networks, vendors and end-users should treat their security implications as a core operational requirement.” concludes the report. “Based on the new vulnerabilities and attack scenarios we demonstrated – and supported by evidence of prior attacks and the availability of detailed deployment information through OSINT – we recommend that organizations patch vulnerable serial-to-IP converter devices as soon as possible:”


Pierluigi Paganini

(SecurityAffairs – hacking, BRIDGE:BREAK flaws)




Source: https://securityaffairs.com/191114/hacking/critical-bridgebreak-flaws-impact-lantronix-and-silex-technology-converters.html