Cybersecurity firm Forescout has identified 22 previously unknown vulnerabilities in serial-to-IP converters, devices commonly used to connect legacy industrial equipment to modern networks. The company warns that thousands of these systems are currently exposed online, potentially increasing the risk of cyberattacks across critical infrastructure sectors.
The findings are part of a new research initiative called BRIDGE:BREAK, which focuses on hardware produced by Lantronix and Silex. These devices are widely deployed in industries such as utilities, manufacturing, healthcare, and telecommunications, where they play a key role in maintaining operations by bridging older systems with newer digital infrastructure.
Serious Risks: Disruption, Data Tampering, and Device Takeover
According to the report, the vulnerabilities could allow attackers to disrupt operations, move laterally across networks, tamper with sensitive data, or even take control of affected devices. Some of the identified weaknesses include the potential for remote code execution, authentication bypass, firmware manipulation, denial of service, and exposure of confidential information.
Forescout researchers also discovered that tens of thousands of these devices are accessible over the internet. While exposure alone does not mean the devices are vulnerable to the newly identified flaws, it significantly broadens the attack surface and makes it easier for threat actors to identify and target them.
Human Expertise Still Critical in an AI Driven Landscape
Daniel dos Santos, Vice President of Research at Forescout, said the findings highlight a persistent gap in how organizations secure operational technology environments.
“Serial-to-IP converters sit directly between operators and physical processes, yet they are often overlooked by traditional security monitoring,” dos Santos said. “Advances in artificial intelligence will accelerate how quickly vulnerabilities are discovered, but understanding which risks truly matter still requires human insight into how devices behave and communicate in real world environments.”
Publicly Available Information Aids Attackers
The research also emphasizes that attackers can leverage publicly available information, such as technical documentation and images, to identify specific device models and deployment environments. This type of intelligence can help adversaries prioritize targets and refine their attack strategies.
In addition, the analysis of firmware from multiple vendors revealed outdated software components, known vulnerabilities, and inconsistent security protections. These factors can make exploitation easier and increase the likelihood of successful attacks.
Real World Impact on Critical Infrastructure
Forescout outlined several potential consequences if the vulnerabilities are exploited. These include operational disruptions caused by interference with communications between systems, the ability to move within a network to access other critical assets, and manipulation of sensor data. In testing scenarios, researchers demonstrated how altered data could produce false readings in monitoring systems, potentially leading to incorrect decisions or unsafe conditions.
Recommended Steps to Reduce Risk
The company is urging organizations to take immediate action to reduce risk. Recommended steps include applying vendor patches as soon as they are available, removing default credentials, enforcing strong authentication, and ensuring that devices are not directly exposed to the internet. Additional measures such as network segmentation and monitoring internal traffic for unusual activity can also help limit the impact of potential attacks.
As industries continue to rely on legacy equipment integrated into modern networks, the report underscores the importance of securing the devices that serve as bridges between the two.
Forescout’s findings suggest that these often overlooked components could become a critical entry point for attackers if not properly managed.
You can download the full BRIDGE:BREAK report here.
