Executive Summary
In April 2026, Forescout Technologies identified 22 vulnerabilities in serial-to-IP converters from Lantronix and Silex, devices integral to connecting legacy industrial equipment to modern networks. These vulnerabilities, collectively named BRIDGE:BREAK, could allow attackers to disrupt operations, move laterally across networks, tamper with sensitive data, or take control of affected devices. The flaws include remote code execution, authentication bypass, firmware manipulation, denial of service, and exposure of confidential information. Notably, tens of thousands of these devices are accessible over the internet, significantly broadening the attack surface for potential cyberattacks.
This discovery underscores the persistent security challenges in operational technology environments, especially concerning devices that bridge legacy systems with modern infrastructure. The prevalence of these vulnerabilities highlights the need for organizations to reassess their security postures, particularly in sectors like utilities, manufacturing, and healthcare, where such devices are commonly deployed.
Why This Matters Now
The BRIDGE:BREAK vulnerabilities expose critical infrastructure to potential cyberattacks, emphasizing the urgent need for organizations to secure operational technology devices that connect legacy systems to modern networks.
Attack Path Analysis
Attackers exploited vulnerabilities in exposed serial-to-IP converters to gain initial access, escalated privileges by exploiting authentication weaknesses, moved laterally through the network by compromising connected devices, established command and control channels via the compromised converters, exfiltrated sensitive data through these channels, and ultimately disrupted operations by tampering with device firmware.
Kill Chain Progression
Initial Compromise
Description
Attackers exploited vulnerabilities in exposed serial-to-IP converters to gain unauthorized access.
MITRE ATT&CK® Techniques
Exploitation of Remote Services
Block Serial COM
Bandwidth Hijacking
Wireless Sniffing
Wireless Compromise
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – System and Application Security
Control ID: 6.2
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA – ICT Risk Management Framework
Control ID: Article 5
CISA ZTMM 2.0 – Asset Management
Control ID: 3.1
NIS2 Directive – Security Requirements
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Utilities
Serial-to-IP converters critical for SCADA systems face vulnerability exploitation risks, potentially enabling lateral movement and exfiltration in operational technology networks.
Oil/Energy/Solar/Greentech
Energy infrastructure using Lantronix/Silex converters is vulnerable to device hijacking and data tampering, compromising industrial automation and encrypted traffic security.
Industrial Automation
Manufacturing systems relying on serial-to-Ethernet converters are exposed to the 22 BRIDGE:BREAK vulnerabilities, risking operational disruption and zero trust segmentation failures.
Transportation
Transportation networks using affected serial converters face threat detection challenges and potential compromise of east-west traffic security in connected infrastructure.
Sources
- 22 BRIDGE:BREAK Flaws Expose 20,000 Lantronix and Silex Serial-to-IP Converters: https://thehackernews.com/2026/04/22-bridgebreak-flaws-expose-20000.html
- Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking: https://www.securityweek.com/serial-to-ip-converter-flaws-expose-ot-and-healthcare-systems-to-hacking/
- Forescout Uncovers New Security Risks in Widely Used Industrial Networking Devices: https://www.itsecurityguru.org/2026/04/21/forescout-uncovers-new-security-risks-in-widely-used-industrial-networking-devices/
- BRIDGE:BREAK: Forescout Identifies 22 New Vulnerabilities on Serial-to-IP Converters, and Finds Thousands Exposed Online: https://www.streetinsider.com/Business%2BWire/BRIDGE%3ABREAK%3A%2BForescout%2BIdentifies%2B22%2BNew%2BVulnerabilities%2Bon%2BSerial-to-IP%2BConverters%2C%2Band%2BFinds%2BThousands%2BExposed%2BOnline/26340110.html
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Aviatrix Zero Trust CNSF is pertinent to this incident as it could have limited the attacker's ability to move laterally and exfiltrate data by enforcing strict segmentation and identity-aware routing, thereby reducing the blast radius of the compromise.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The attacker's initial access may have been constrained by limiting exposure of vulnerable devices through enforced segmentation.
Control: Zero Trust Segmentation
Mitigation: The attacker's ability to escalate privileges could have been limited by enforcing strict identity-aware access controls.
Control: East-West Traffic Security
Mitigation: The attacker's lateral movement would likely have been constrained by monitoring and controlling east-west traffic between workloads.
Control: Multicloud Visibility & Control
Mitigation: The attacker's command and control channels may have been detected and disrupted through enhanced visibility and control across multicloud environments.
Control: Egress Security & Policy Enforcement
Mitigation: The attacker's data exfiltration efforts could have been limited by enforcing strict egress policies and monitoring outbound traffic.
Mitigation: The attacker's ability to disrupt operations would likely have been reduced by limiting their access to critical devices and systems.
Impact at a Glance
Affected Business Functions
- Industrial Control Systems
- Healthcare Monitoring Systems
- Manufacturing Operations
- Utility Management
Estimated downtime: N/A
Estimated loss: N/A
Potential exposure of operational data in industrial and healthcare environments.
Recommended Actions
Key Takeaways & Next Steps
- Implement Zero Trust Segmentation to restrict device communication paths and limit lateral movement.
- Deploy East-West Traffic Security controls to monitor and control internal network traffic.
- Utilize Multicloud Visibility & Control solutions to detect and respond to anomalous activities across environments.
- Enforce Egress Security & Policy Enforcement to prevent unauthorized data exfiltration.
- Regularly update and patch devices to mitigate known vulnerabilities.