The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory regarding significant security flaws discovered in industrial networking equipment manufactured by ZLAN Information Technology Co.
The alert, identified as ICSA-26-041-02, focuses on the ZLAN5143D serial-to-Ethernet device server, a component widely utilized to bridge legacy serial devices with modern network infrastructure.
These vulnerabilities pose a severe threat to operational technology environments, as successful exploitation could allow unauthorized actors to bypass authentication mechanisms completely or arbitrarily reset device passwords, effectively granting full administrative control over the targeted system.
This disclosure highlights the fragility of legacy connectivity within the critical manufacturing sector, where the ZLAN5143D is deployed globally.
The vulnerabilities affect firmware version 1.600 and have been assigned a critical CVSS v3 score of 9.8.
This high severity rating indicates that the flaws are remotely exploitable and require low attack complexity, making them attractive targets for threat actors seeking to disrupt industrial processes.
The discovery of these issues is credited to security researchers Shorabh Karir and Deepak Singh of KPMG, who identified the missing authentication controls for critical functions and reported them to CISA to facilitate a coordinated response.
Vulnerability Details
The core of the issue lies in how the device handles critical administrative functions. By exploiting these specific CVEs, an attacker can manipulate the device without valid credentials.
This type of access is particularly dangerous in Industrial Control Systems (ICS) because serial servers often sit at the intersection of IT and OT networks, potentially offering a gateway for deeper lateral movement into sensitive control zones.
| CVE ID | CVSS Score | Description |
|---|---|---|
| CVE-2026-25084 | 9.8 (Critical) | A specific flaw involving missing authentication for a critical function, allowing unauthorized access or control of the device. |
| CVE-2026-24789 | 9.8 (Critical) | A vulnerability that facilitates authentication bypass, enabling an attacker to reset the device password or modify configurations. |
CISA has not reported any known public exploitation targeting these specific vulnerabilities at the time of release, but organizations are urged to take proactive defensive measures immediately.
The agency recommends that network administrators minimize the exposure of all control system devices by ensuring they are never directly accessible from the public internet.
Furthermore, control system networks and remote devices should be located behind firewalls and strictly isolated from business networks to prevent the spread of potential intrusions.
For environments where remote access is operationally necessary, CISA advises the use of secure methods such as Virtual Private Networks (VPNs).
However, the agency cautions that VPNs are only as secure as the connected devices and must be updated to the latest versions to remain effective.
Organizations are encouraged to perform proper impact analysis and risk assessments prior to deploying these defensive measures to ensure that security upgrades do not inadvertently disrupt critical manufacturing operations.
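The segmentation guidance above (no control-system device reachable from the public internet, OT isolated from the business network, remote access only through designated paths) can be checked mechanically against an exported firewall rule base. The following is an added example, not code from CISA, ZLAN or the researchers: it audits permit rules for an isolated OT segment and flags any rule that breaks the policy. The subnets, device addresses and rules are constructed sample data, and the `AllowRule`, `classify_rule` and `audit` names are hypothetical.

```python
"""Firewall allow-rule audit for an isolated OT segment.

Added example (not from the CISA advisory or the vendor): checks each rule
that permits traffic to a control-system device against the advisory's
guidance that such devices sit behind a firewall, are isolated from the
business network, and are never reachable from the public internet.
All subnets, addresses and rules below are constructed sample data.
"""
import ipaddress
from dataclasses import dataclass

# Constructed: the isolated OT segment where serial servers live, and the
# only networks (e.g. a hardened management jump network) allowed to reach it.
OT_DEVICE_SUBNETS = [ipaddress.ip_network("10.60.0.0/16")]
OT_MANAGEMENT_SUBNETS = [ipaddress.ip_network("10.50.0.0/24")]


@dataclass(frozen=True)
class AllowRule:
    """One firewall permit rule, as exported from a rule base (constructed)."""
    src: str    # source CIDR permitted to initiate connections
    dst: str    # control-system device address
    port: int   # destination port


def _within(net, subnets) -> bool:
    """True if `net` is fully contained in one of `subnets` (same IP version)."""
    return any(s.version == net.version and net.subnet_of(s) for s in subnets)


def classify_rule(rule: AllowRule) -> list[str]:
    """Return findings for one rule; an empty list means the rule is acceptable."""
    findings = []
    src = ipaddress.ip_network(rule.src, strict=False)
    dst = ipaddress.ip_network(rule.dst)  # host address as a /32 (or /128) network
    if src.prefixlen == 0:
        findings.append("any-source rule: device reachable from the internet")
    elif not _within(src, OT_MANAGEMENT_SUBNETS):
        findings.append("source outside designated OT management networks "
                        "(business network or untrusted segment)")
    if not _within(dst, OT_DEVICE_SUBNETS):
        findings.append("device address outside the isolated OT segment")
    return findings


def audit(rules) -> list[tuple[AllowRule, list[str]]]:
    """Return only the rules that violate the segmentation policy, with reasons."""
    flagged = []
    for rule in rules:
        findings = classify_rule(rule)
        if findings:
            flagged.append((rule, findings))
    return flagged


# Constructed sample rule base.
SAMPLE_RULES = [
    AllowRule("10.50.0.0/24", "10.60.1.15", 443),    # jump network -> device: acceptable
    AllowRule("0.0.0.0/0", "10.60.1.15", 80),        # internet-exposed
    AllowRule("172.16.20.0/24", "10.60.1.15", 443),  # business LAN reaches OT directly
    AllowRule("10.50.0.0/24", "192.168.99.7", 443),  # device not in the OT segment
]

if __name__ == "__main__":
    for rule, findings in audit(SAMPLE_RULES):
        print(f"{rule.src} -> {rule.dst}:{rule.port}")
        for finding in findings:
            print(f"    - {finding}")
```

Run against a real export, the same check pairs naturally with the advisory's impact-analysis step: every flagged rule is a candidate for removal or for rerouting through the VPN or jump network, reviewed with the operations team before the change is applied.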
Operators observing any suspected malicious activity related to these vulnerabilities should follow internal incident response procedures and report findings to CISA for tracking.