
BRIDGE:BREAK: Forescout Identifies 22 New Vulnerabilities on Serial-to-IP Converters, and Finds Thousands Exposed Online

Newly discovered vulnerabilities affecting widely deployed devices from Lantronix and Silex lead to opportunities for disruption, lateral movement, data tampering and more

Research shows that in a post-Mythos world identifying risks in operational environments still requires insight into how devices behave, communicate, and fail in context

SAN JOSE, Calif.--(BUSINESS WIRE)--Forescout Technologies Inc., a global leader in cybersecurity, today published new research on serial-to-IP converters, hardware used to bridge legacy serial equipment to modern IP networks. These converters are widely used across critical infrastructure sectors, including utilities, manufacturing, and healthcare, and they have been targeted in prior cyberattacks in the energy sector. In light of the recent announcement of Claude Mythos and our own experiments, it is important to note that advances in AI will dramatically accelerate the speed and scale of vulnerability discovery. However, this research highlights the continued importance of deep human expertise in uncovering complex, context‑specific weaknesses in real‑world operational systems.

Named BRIDGE:BREAK, the research documents 22 newly discovered vulnerabilities affecting products from two widely deployed vendors: Lantronix and Silex. The report demonstrates how these vulnerabilities could be exploited to disrupt operations, enable lateral movement, or tamper with data exchanged between operational systems and the networks that monitor and manage them.

Download the full report and read the accompanying blog.

Serial-to-IP converters (also known as serial device servers or serial-to-Ethernet adapters) are used across manufacturing, retail, healthcare, utilities, telecommunications, and other industries to connect legacy serial equipment to IP networks without replacing underlying systems. They are common in environments ranging from substations and water treatment facilities to factories and hospitals, where uptime and data integrity directly impact safety, continuity, and service delivery.

“Serial-to-IP converters sit directly in the path between operators and physical processes, yet they often fall outside traditional security monitoring,” said Daniel dos Santos, VP of Research at Forescout. “AI will undoubtedly accelerate vulnerability discovery across a wide range of technologies, but vulnerabilities are not everything. Identifying the most consequential risks, especially in operational environments, still requires insight into how devices behave, communicate, and fail in context. When defenders lack complete asset visibility and a clear view of east-west communication patterns, attackers gain opportunities to disrupt operations, pivot across networks, or manipulate data in ways that undermine trust. Our BRIDGE:BREAK research underscores why these bridge devices deserve the same security scrutiny as other critical infrastructure systems.”

Key Findings of the BRIDGE:BREAK Research:

  • BRIDGE:BREAK documents 22 newly discovered vulnerabilities affecting serial-to-IP converters from Lantronix and Silex.
  • Exploitation of these vulnerabilities could enable remote code execution, device takeover through authentication weaknesses, firmware tampering, denial of service, and sensitive information disclosure.
  • Forescout Research – Vedere Labs identified tens of thousands of serial-to-IP converters from major vendors that were exposed online. While internet exposure is often unintended and does not necessarily indicate vulnerability to the newly disclosed issues, it can increase attacker reach and simplify targeting.
  • Researchers also observed that publicly available documentation and open-source intelligence can reveal vendor and model references, architectural details, and even photographs from real-world environments – information that can help threat actors identify and prioritize targets.
  • Across firmware analyzed from multiple vendors, researchers observed outdated components, “n-day” vulnerabilities, and inconsistent binary hardening practices – patterns that can increase exploitability.
  • Common outcomes from exploiting the documented vulnerabilities include:
    • Disruption (Denial of Service). Disrupting serial communications with field assets and connected systems, interrupting operations and delaying recovery.
    • Lateral movement. Using serial-to-IP converters as pivot points to move east-west and reach other critical systems.
    • Sensor and data tampering. Altering data moving between the serial side and IP networks, including manipulating sensor readings (such as temperature, pressure, flow, or patient vitals) or modifying commands in the opposite direction to influence actuator behavior. In lab demonstrations, Vedere Labs researchers showed how altered serial data can produce misleading readings at the monitoring layer.

Serial-to-IP converters are particularly common in utilities, manufacturing, retail, and healthcare, where legacy equipment lifecycles are long and modernization often happens by “bridging” older systems into new architectures.

Recommended remediation actions include:

  • Patch newly disclosed vulnerabilities as soon as possible using vendor-provided updates.
  • Eliminate default credentials and enforce strong authentication.
  • Ensure converters are not exposed to the internet and apply strict access controls to management interfaces so only authorized systems can reach them.
  • Segment networks to prevent threat actors from reaching converters directly or using them to move laterally to compromise other critical assets.
  • Monitor east-west communications for anomalies that could indicate exploitation attempts.

Read the full BRIDGE:BREAK report and blog post for additional details. Forescout researchers will also present these findings and demonstrate what attackers can achieve by targeting serial-to-IP converters at Black Hat Asia 2026 on Thursday, April 23.

Additional Resources:

Read Forescout’s recent blog, “Claude Mythos: When Zero-Day Vulnerabilities Outpace Defenses,” to understand how Forescout is thinking about AI‑driven vulnerability discovery—and what organizations must do to manage exposure responsibly in this new reality.

About Forescout

For over 25 years, organizations and governments worldwide have trusted Forescout to secure their networks. From pioneering Network Access Control (NAC) to delivering Universal Zero Trust Network Access (UZTNA), Forescout leads the evolution of enterprise network security across IT, OT, IoT, and IoMT environments. The Forescout 4D Platform™ delivers comprehensive asset intelligence, continuous risk assessment, and dynamic control over all managed and unmanaged assets, enhanced by the proprietary threat intelligence research of Vedere Labs. Leveraging agentic AI workflows with human-in-the-loop actions, Forescout continuously analyzes threats, orchestrates response, and integrates seamlessly with 180+ security and IT products.

Contacts

Media Relations Contacts:
RH Strategic for Forescout
forescoutpr@rhstrategic.com

Forescout Communications
press@forescout.com

Forescout Technologies Inc.

