
🎯 Basically, flaws in serial-to-IP converters can let hackers attack critical systems remotely.
What Happened
Researchers at Forescout Technologies have uncovered 20 new vulnerabilities in serial-to-IP converters made by Lantronix and Silex. These devices are crucial for bridging legacy serial equipment with modern Ethernet/IP networks, primarily used in operational technology (OT) and healthcare sectors.
The Flaw
The vulnerabilities, collectively known as BRIDGE:BREAK, enable serious attacks such as OS command injection, remote code execution, and denial of service (DoS). Some flaws can be exploited without authentication, making them particularly dangerous.
What's at Risk
With nearly 20,000 internet-exposed systems worldwide, the potential impact is significant. Attackers could manipulate sensor readings in healthcare settings, disrupt laboratory results, and even halt critical medical equipment. This could lead to severe consequences, including patient safety risks and operational failures in healthcare environments.
Patch Status
Both Lantronix and Silex have been notified of these vulnerabilities and have released patches. The Cybersecurity and Infrastructure Security Agency (CISA) has also published an advisory regarding the Lantronix vulnerabilities, urging organizations to act promptly.
Immediate Actions
Organizations using serial-to-IP converters should:
Containment
1. Update firmware on all affected devices immediately.
2. Monitor network traffic for unusual activity that may indicate exploitation attempts.
Remediation
Conclusion
The BRIDGE:BREAK vulnerabilities highlight the critical need for organizations to secure their OT and healthcare systems. Ignoring these risks could lead to devastating consequences, as evidenced by past attacks targeting similar devices. As Forescout prepares to release a detailed report, organizations should prioritize patching and securing their devices to protect against potential threats.
🔒 Pro insight: The BRIDGE:BREAK vulnerabilities could lead to significant operational disruptions in critical sectors if not addressed promptly.




