{"id":547553,"date":"2026-04-24T03:11:32","date_gmt":"2026-04-24T03:11:32","guid":{"rendered":"https:\/\/www.newsbeep.com\/uk\/547553\/"},"modified":"2026-04-24T03:11:32","modified_gmt":"2026-04-24T03:11:32","slug":"serial-to-ip-converter-flaws-expose-ot-and-healthcare-systems-to-hacking","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/uk\/547553\/","title":{"rendered":"Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking"},"content":{"rendered":"<p>Serial-to-IP converters are affected by potentially serious vulnerabilities that can expose operational technology (OT), healthcare, and other types of systems to remote attacks.<\/p>\n<p>Serial-to-IP converters, also known as serial device servers, are hardware devices that bridge legacy serial equipment to modern Ethernet\/IP networks, allowing old industrial control systems (ICS) and other OT devices to communicate remotely.<\/p>\n<p>Researchers at network security and threat detection company Forescout Technologies have analyzed these devices and found numerous vulnerabilities that could be valuable to threat actors.\u00a0<\/p>\n<p>Serial-to-IP converters are used in sectors such as industrial, telecoms, retail, healthcare, energy and utilities, and transportation. The devices are made by several major companies, including Moxa, Digi, Advantech, Perle, Lantronix, and Silex.<\/p>\n<p>Some of these vendors have reported deploying millions of devices, and a Shodan search shows nearly 20,000 internet-exposed systems worldwide.\u00a0<\/p>\n<p>\u201cUsing open-source intelligence (OSINT), attackers can find details about some of these devices, including internal IP addresses, model and vendor names, and photographs from electrical substations, water treatment plants, and other critical infrastructure environments,\u201d Forescout researchers explained.\u00a0<\/p>\n<p>Advertisement. Scroll to continue reading.<\/p>\n<p>In addition to internet-exposed devices, attackers could target serial-to-IP converters on local networks, which can be compromised via vulnerabilities or misconfigurations in edge devices such as routers and firewalls.<\/p>\n<p>Forescout\u2019s research, which focused on Silex and Lantronix devices, led to the discovery of 20 new vulnerabilities across the two vendors\u2019 products, including weaknesses that can be exploited without authentication.\u00a0<\/p>\n<p>The vulnerabilities, collectively tracked as BRIDGE:BREAK, can be exploited for OS command injection and remote code execution, firmware tampering, denial-of-service (DoS) attacks, and device takeovers.<\/p>\n<p>Some of the flaws can allow attackers to upload arbitrary files, bypass authentication, and obtain information.\u00a0<\/p>\n<p>Forescout researchers showed the potential impact of these vulnerabilities in real-world environments. They demonstrated how an attacker could exploit the flaws to tamper with data, for instance, manipulating sensor readings in industrial and healthcare environments to conceal dangerous conditions that would normally require human intervention.<\/p>\n<p><a href=\"https:\/\/www.icscybersecurityconference.com\/\" rel=\"nofollow noopener\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"264\" src=\"https:\/\/www.newsbeep.com\/uk\/wp-content\/uploads\/2026\/04\/ICS-2026-970250-SW-1-1024x264.jpg\" alt=\"\" class=\"wp-image-46003\" style=\"aspect-ratio:3.8789761340216558;width:648px;height:auto\"  \/><\/a><\/p>\n<p>In another scenario, the researchers described how an extortion group or a state-sponsored threat actor could cause a DoS condition in a healthcare environment by delivering malicious firmware to devices.<\/p>\n<p>\u201cOnce activated, the weaponized firmware could cause serial-to-IP converters to stop responding on the network. Potential impacts include: analyzers stop reporting results to laboratory information systems, creating processing backlogs; surgical lighting controllers become unresponsive to remote commands; infusion pump calibration and certification workflows are halted; telemetry from environmental sensors is interrupted; Patient monitors lose network connectivity,\u201d the researchers explained.<\/p>\n<p>Lantronix and Silex have both been notified and they have released patches. The cybersecurity agency CISA recently published an <a href=\"https:\/\/www.cisa.gov\/news-events\/ics-advisories\/icsa-26-069-02\" rel=\"nofollow noopener\" target=\"_blank\">advisory<\/a> describing the Lantronix vulnerabilities. <a href=\"https:\/\/www.silex.jp\/support\/security-advisories\/2026-001\" rel=\"nofollow noopener\" target=\"_blank\">Silex<\/a> has published an advisory on its own website.\u00a0<\/p>\n<p>It\u2019s important for organizations not to ignore the risks posed by the use of serial-to-IP converters, as these devices have been targeted in the wild. They were targeted by Russian hackers in the <a href=\"https:\/\/www.securityweek.com\/ukraine-accuses-russia-hacking-power-companies\/\" rel=\"nofollow noopener\" target=\"_blank\">2015 Ukraine energy attack<\/a> and, more recently, in attacks targeting <a href=\"https:\/\/www.securityweek.com\/default-ics-credentials-exploited-in-destructive-attack-on-polish-energy-facilities\/\" rel=\"nofollow noopener\" target=\"_blank\">energy facilities in Poland<\/a>.\u00a0\u00a0<\/p>\n<p>Forescout has published a report detailing the <a href=\"https:\/\/www.forescout.com\/resources\/bridgebreak-report\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">BRIDGE:BREAK<\/a> vulnerabilities.\u00a0<\/p>\n<p class=\"has-text-color has-link-color wp-elements-b0ab46b03f89e82e116c7f077d6a4b15\" style=\"color:#636363\">*updated with link to the Forescout report<\/p>\n<p>Related: <a href=\"https:\/\/www.securityweek.com\/lantronix-device-used-in-critical-infrastructure-exposes-systems-to-remote-hacking\/\" rel=\"nofollow noopener\" target=\"_blank\">Lantronix Device Used in Critical Infrastructure Exposes Systems to Remote Hacking<\/a><\/p>\n<p>Related: <a href=\"https:\/\/www.securityweek.com\/1000-instantel-industrial-monitoring-devices-possibly-exposed-to-hacking\/\" rel=\"nofollow noopener\" target=\"_blank\">1,000 Instantel Industrial Monitoring Devices Possibly Exposed to Hacking<\/a><\/p>\n<p>Related: <a href=\"https:\/\/www.securityweek.com\/zionsiphon-malware-targets-ics-in-water-facilities\/\" rel=\"nofollow noopener\" target=\"_blank\">ZionSiphon Malware Targets ICS in Water Facilities<\/a>\n\t\t\t<\/p>\n","protected":false},"excerpt":{"rendered":"Serial-to-IP converters are affected by potentially serious vulnerabilities that can expose operational technology (OT), healthcare, and other types&hellip;\n","protected":false},"author":2,"featured_media":547554,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[43],"tags":[87,102,2960,188485,188486,188487,56,54,55,21577],"class_list":{"0":"post-547553","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-healthcare","8":"tag-featured","9":"tag-health","10":"tag-healthcare","11":"tag-ics","12":"tag-lantronix","13":"tag-silex","14":"tag-uk","15":"tag-united-kingdom","16":"tag-unitedkingdom","17":"tag-vulnerability"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts\/547553","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/comments?post=547553"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts\/547553\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/media\/547554"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/media?parent=547553"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/categories?post=547553"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/tags?post=547553"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}