A major research operation by Forescout Research – Vedere Labs has exposed a critical gap in industrial security. Codenamed BRIDGE:BREAK, the research reveals 22 newly discovered vulnerabilities in serial-to-IP converters—the essential "bridge" devices used to connect legacy industrial equipment to modern IP networks.

These converters are the "invisible" backbone of critical infrastructure, used in everything from power grids and manufacturing plants to hospital patient monitoring systems. Forescout researchers found nearly 20,000 devices globally exposed to the open internet, leaving them ripe for hijacking.

1. The Targets: Lantronix and Silex

The study focused on three highly popular models that are staples in Operational Technology (OT) environments.

● Lantronix (EDS3000PS and EDS5000PS): Researchers identified 8 new bugs. The EDS5000PS was found to contain five separate Remote Code Execution (RCE) flaws, including two critical vulnerabilities with CVSS scores of 9.8.

● Silex (SD330-AC): This model was riddled with 14 flaws, including CVE-2026-32955 and CVE-2026-32956. These vulnerabilities allow authenticated attackers with low privileges to execute arbitrary code or trigger heap-based buffer overflows, leading to a total system compromise.

2. The Attack: Hijacking the Physical World

Serial-to-IP converters translate old "industrial speak" into "internet speak." Because they sit directly between the human operator and the physical machine, a compromise allows for terrifying real-world impacts:

● Data Tampering: Attackers can modify sensor readings (temperature, pressure, or flow) before they reach the control room. An operator might see a "Safe" reading while a boiler is actually over-pressurizing.

● Malicious Actuation: Attackers can send modified commands in the opposite direction, causing physical machinery to move, stop, or operate unsafely.

● Lateral Movement: These converters are often poorly monitored and run ancient Linux kernels (averaging over 2,200 bugs each). They serve as the perfect "beachhead" for attackers to pivot deeper into an industrial network.

3. Case Study: The "Invisible" Legacy Risk

Forescout’s analysis of these firmware images revealed a startling lack of modern security. On average, each device was found to have:

● 212 known vulnerabilities in its open-source components.

● 89 publicly available exploits already targeting its underlying tech stack.

● 68% of the tech stack components were characterized as "outdated" or "end-of-life."

Hacklido Intelligence: Hardening the OT Bridge

If you are managing an industrial environment, these "bridge" devices deserve the same security scrutiny as your primary servers.

Strategic Defensive Steps:

1. Immediate Patching: Both Lantronix and Silex have released firmware updates. Apply them immediately, focusing on CVE-2026-32955 and the EDS5000PS RCEs.

2. Kill the Internet Exposure: There is almost no legitimate reason for a serial-to-IP converter to be discoverable on the public web. Place them behind a VPN or a strictly controlled jump server.

3. Network Segmentation: Use "Zone and Conduit" models (ISA/IEC 62443) to ensure that if a converter is compromised, the attacker cannot reach the rest of your OT or IT environment.

4. Monitor East-West Traffic: Watch for unusual command patterns or unauthorized management attempts (like redirect URL triggers) on your industrial VLANs.
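
One way to act on steps 2 and 4 is to audit flow records against a per-converter allowlist. The Python sketch below is an added example, not code from Forescout or the vendors; every address, port number and flow record in it is a constructed assumption to be replaced with site values.

```python
import ipaddress

# Constructed site data (assumptions; replace with your own inventory).
SITE_NETS = [ipaddress.ip_network("10.20.0.0/16")]   # internal OT/IT ranges
CONVERTERS = {"10.20.5.11", "10.20.5.12"}            # serial-to-IP converters
JUMP_HOSTS = {"10.20.1.5"}                           # only hosts allowed to manage them
SERIAL_PEERS = {                                     # expected HMI/SCADA peers per converter
    "10.20.5.11": {"10.20.2.30"},
    "10.20.5.12": {"10.20.2.30", "10.20.2.31"},
}
MGMT_PORTS = {22, 23, 80, 443}                       # assumed management services
SERIAL_PORTS = {10001}                               # assumed serial tunnel port

# Constructed flow records: (src_ip, dst_ip, dst_port).
SAMPLE_FLOWS = [
    ("10.20.1.5", "10.20.5.11", 443),     # jump host managing a converter: expected
    ("10.20.2.30", "10.20.5.11", 10001),  # HMI polling the serial tunnel: expected
    ("10.20.3.77", "10.20.5.12", 80),     # workstation reaching the web UI
    ("203.0.113.9", "10.20.5.11", 23),    # source outside the site ranges
    ("10.20.2.99", "10.20.5.12", 10001),  # unknown host on the serial tunnel
    ("10.20.2.30", "10.20.9.9", 502),     # destination is not a converter: ignored
]

def classify(src, dst, port):
    """Return a finding name for a flow to a converter, or None if it is expected."""
    if dst not in CONVERTERS:
        return None
    src_ip = ipaddress.ip_address(src)
    if not any(src_ip in net for net in SITE_NETS):
        return "external-source"            # step 2: converter reachable from outside
    if port in MGMT_PORTS:
        return None if src in JUMP_HOSTS else "unauthorized-management"
    if port in SERIAL_PORTS:
        return None if src in SERIAL_PEERS.get(dst, set()) else "unknown-serial-peer"
    return "unexpected-port"                # any service not on the allowlist

def audit(flows):
    """Return (finding, flow) pairs for every flow that violates the policy."""
    return [(f, flow) for flow in flows if (f := classify(*flow))]

if __name__ == "__main__":
    for finding, (src, dst, port) in audit(SAMPLE_FLOWS):
        print(f"{finding:24} {src} -> {dst}:{port}")
```

Feeding it NetFlow or firewall logs from the industrial VLANs turns the allowlist into a standing check that each converter is only managed through the jump server.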

The Verdict: BRIDGE:BREAK proves that our modern industrial future is built on some very shaky legacy foundations. In the world of OT, the "bridge" isn't just a connection—it's a potential point of failure for the entire physical operation.