Industrial Bridges Exposed
- Industrial bridge devices that convert old machinery signals to IP have been found with large new flaw counts. (x.com)
- Researchers flagged roughly 20 new flaws per device family and over 2,000 known vulnerabilities across products. (x.com)
- Tens of thousands of these devices are internet‑exposed, raising risks for power, water, and factory process manipulation. (x.com)

A small box that translates old serial machine signals into internet traffic has become a new weak point in factories, utilities, and hospitals. Forescout said this week it found 22 previously unknown flaws in widely used serial-to-IP converters from Lantronix and Silex. (financialcontent.com)

These devices are often called serial device servers: they let older equipment keep using RS-232 or RS-485 connections while the rest of the network speaks Ethernet and internet protocol. Lantronix markets its EDS3000PS and EDS5000 for remote access to serial-based gear including medical devices, point-of-sale terminals, and security equipment, while Silex sells the SD-330AC for industrial automation, building automation, and medical devices. (securityweek.com) (lantronix.com) (silextechnology.com)

Forescout said a Shodan search found nearly 20,000 of these systems exposed to the public internet worldwide. The company said open-source intelligence can reveal internal internet protocol addresses, model numbers, vendor names, and even photos tied to electrical substations and water treatment plants. (securityweek.com)

The new flaws were split across two product families: eight in Lantronix EDS3000PS and EDS5000 devices, and 14 in Silex SD-330AC hardware and AMC Manager software. CISA published separate advisories on March 10, 2026 for Lantronix and April 21, 2026 for Silex, with top severity scores of 9.8 out of 10. (cisa.gov 1) (cisa.gov 2)

CISA said the Lantronix bugs could let an attacker bypass authentication and run code with root-level privileges. The Silex advisory said successful attacks could allow remote code execution, denial of service, or configuration changes without authentication. (cisa.gov 1) (cisa.gov 2)

Forescout’s concern is not only the 22 new bugs. The company said these products also carry more than 2,000 known vulnerabilities in bundled third-party components, turning a niche adapter into a stack of inherited software risk. (thehackernews.com)

That matters because the converter sits “in the path” between operators and physical equipment. Forescout said an attacker who controls that middle box could tamper with sensor readings, interfere with control commands, pivot deeper into the network, or alter the data that monitoring systems trust. (industrialcyber.co)

The affected gear is old in concept but current in use. Lantronix says the EDS5000 supports 8, 16, or 32 serial ports to Ethernet, and Silex says the SD-330AC adds wireless local-area networking to serial and Ethernet devices, which is why these products still show up in plants, clinics, and field sites that cannot replace every legacy machine at once. (lantronix.com) (silextechnology.com)

Vendors have issued fixes for at least part of the exposure. CISA said Silex released SD-330AC firmware version 1.50 or later and AMC Manager 5.1.0 or later, and recommended disabling HTTP and HTTPS for several of the critical flaws; Lantronix points customers to firmware and security updates through its support center. (cisa.gov) (lantronix.com)

CISA’s Known Exploited Vulnerabilities catalog did not list these serial-to-IP issues as of April 23, 2026. The immediate problem is simpler: thousands of internet-facing bridge devices are still online, and they sit between human operators and the machines they control. (cisa.gov)