RSS
Last updated: May 14, 2026 at 10:49 AM UTC
All 219 Vulnerability 76 Breach 45 Threat 91 Defense 7
Tag: forescout (1 article)Clear
vulnerability
CVE-2026-32955CVE-2026-32956CVE-2026-32957CVE-2026-32958CVE-2026-32959CVE-2026-32960CVE-2026-32961CVE-2026-32962CVE-2026-32963CVE-2026-32964CVE-2026-32965CVE-2025-67034CVE-2025-67035CVE-2025-67036CVE-2025-67037CVE-2025-67038CVE-2025-67039CVE-2025-67041CVE-2025-70082CVE-2024-24487CVE-2015-5621
2026-04-21

BRIDGE:BREAK - 22 new flaws expose ~20,000 internet-facing Lantronix and Silex serial-to-IP converters to full takeover

Forescout Vedere Labs disclosed BRIDGE:BREAK, a set of 22 new vulnerabilities in serial-to-IP converters from Lantronix and Silex that together expose roughly 20,000 devices visible on the open internet. Serial-to-IP converters bridge legacy serial-port equipment (older industrial PLCs, building-automation controllers, medical devices, laboratory instruments) to modern TCP/IP networks, so attackers compromising them can read and tamper with the raw serial traffic flowing to field equipment. Eight flaws affect Lantronix EDS3000PS and EDS5000 series; fourteen affect Silex SD330-AC. The categories span unauthenticated remote code execution (CVE-2026-32955, CVE-2026-32956, CVE-2026-32961, CVE-2025-67034 through 67038, CVE-2025-67041), authentication bypass (CVE-2026-32960, CVE-2025-67039), full device takeover (CVE-2026-32965, CVE-2025-70082, plus FSCT-2025-0021 with no CVE assigned), firmware tampering (CVE-2026-32958), arbitrary file upload (CVE-2026-32957), and information disclosure (CVE-2026-32959). The researchers describe a realistic kill chain where an attacker first pops an internet-facing edge device like an industrial router, then pivots through a compromised serial-to-IP converter to silently alter sensor readings or actuator commands flowing to field assets - data-integrity attacks that are invisible to most OT monitoring. Both vendors have released firmware updates.

lantronixsilexserial-to-ipot-securityicsrceforescoutbridge-break
Check
Search your asset inventory and external-attack-surface data for any Lantronix EDS3000PS, EDS5000, or Silex SD330-AC devices, then confirm they are both patched and not directly internet-exposed.
Affected
Lantronix EDS3000PS Series and EDS5000 Series; Silex SD330-AC. Vulnerable firmware versions listed per device in the respective Lantronix and Silex advisories.
Fix
Apply the firmware updates Lantronix and Silex have released for each affected model (see vendor advisories for version-specific fixes). Replace default credentials, put these devices behind network segmentation, and remove all direct internet exposure - serial-to-IP converters have no business being reachable from the public internet. Add Shodan/Censys monitoring for your ASN to catch rogue or forgotten deployments. If you cannot patch immediately, take the devices offline rather than leave them on the internet.