Riddled with flaws, serial-to-Ethernet converters endanger critical infrastructure

Forescout's BRIDGE:BREAK research reveals severe security flaws in serial-to-Ethernet converters used across industrial, healthcare, and retail environments. Firmware from five major vendors averaged 80 open-source components carrying ~2,500 known vulnerabilities each, with 89 publicly available exploits. Researchers also discovered 22 new vulnerabilities in Lantronix and Silex devices, including remote code execution, authentication bypass, and device takeover flaws. With nearly 20,000 such devices exposed on the internet and millions deployed internally, the attack surface is significant. Real-world attacks — including the 2015 Ukraine power grid incident and a 2024 Polish wind/solar farm attack — demonstrate active exploitation. Firmware patches have been released by both vendors, and Forescout recommends network segmentation, access controls, credential hardening, and monitoring as mitigations.