Researchers at Forescout discovered 20 vulnerabilities in Silex and Lantronix serial-to-IP converters, tracked as BRIDGE:BREAK, that allow unauthenticated remote code execution, firmware tampering, and device takeover. The flaws put OT and healthcare systems at risk—researchers demonstrated sensor manipulation and DoS via malicious firmware—and vendors have released patches while CISA has published advisories. #BRIDGEBREAK #Lantronix
Keypoints
- Forescout identified 20 new vulnerabilities in Silex and Lantronix serial-to-IP converters.
- The BRIDGE:BREAK flaws enable OS command injection, remote code execution, firmware tampering, and device takeovers.
- Serial-to-IP converters are widely used in industrial, healthcare, energy, and transportation sectors and ~20,000 devices are internet-exposed.
- Attackers can locate targets via OSINT and also exploit local network paths through misconfigured edge devices.
- Vendors released patches and CISA issued advisories, but urgent remediation is required to protect critical OT and healthcare systems.