New Vulnerabilities Discovered in Serial-to-IP Converters Threaten Critical Infrastructure

Severity: High (Score: 67.5)

Sources: Businesswire, www.cybersecuritydive.com, Darkreading, en.wikipedia.org

Summary

Forescout has identified 22 new vulnerabilities in serial-to-IP converters from Lantronix and Silex, devices crucial for connecting legacy industrial equipment to modern networks. These vulnerabilities could be exploited to disrupt operations, enable lateral movement, and tamper with data in critical sectors such as utilities, manufacturing, and healthcare. The report highlights that thousands of these devices are exposed online, increasing the risk of cyberattacks. Previous incidents have shown that these converters are often targeted in major operational technology cyberattacks. The vulnerabilities include remote code execution (RCE) risks, with some rated as critical. Forescout's research emphasizes the need for enhanced security measures for these devices, which often fall outside traditional security monitoring. The findings were presented at Black Hat Asia 2026, underscoring the ongoing challenges in securing operational technology environments.

Key Points

  • Forescout identified 22 new vulnerabilities in serial-to-IP converters.
  • Thousands of these devices are exposed online, increasing cyberattack risks.
  • The vulnerabilities could disrupt operations and compromise data integrity.

Key Entities

  • Berserk Bear (apt_group)
  • Sandworm (apt_group)
  • Malware (attack_type)
  • Zero-day Exploit (attack_type)
  • Lantronix (company)
  • Silex (company)
  • Poland (country)
  • Russia (country)
  • CVE-2025-70082 (cve)
  • CWE-287 - Improper Authentication (cwe)
  • CWE-798 - Use of Hard-coded Credentials (cwe)
  • CWE-94 - Code Injection (cwe)
  • forescout.com (domain)
  • rhstrategic.com (domain)
  • Energy (industry)
  • Healthcare (industry)
  • Manufacturing (industry)
  • Retail (industry)
  • Telecommunications (industry)
  • T1021 - Remote Services (mitre_attack)
  • Fortigate (platform)