Critical Vulnerabilities Found in Serial-to-IP Converters Used Globally
AI-generated from multiple sources. Verify before acting on this reporting.
Researchers from Forescout Technologies have identified 20 new security vulnerabilities in serial-to-IP converters manufactured by Lantronix and Silex, exposing critical infrastructure and healthcare systems to potential remote attacks. The flaws, disclosed on April 20, 2026, allow threat actors to execute commands and manipulate data without authentication.
The vulnerabilities affect devices widely deployed across industrial, telecommunications, retail, healthcare, energy, utilities, and transportation sectors. Serial-to-IP converters are essential components that bridge legacy serial devices with modern IP networks, enabling remote monitoring and control of operational technology. The security gaps include command injection and remote code execution flaws that could allow attackers to take control of connected systems.
Forescout researchers stated that the vulnerabilities could be exploited to manipulate sensor data, cause denial-of-service disruptions, or fully compromise devices. In healthcare settings, such attacks could impact patient safety by interfering with medical equipment. In industrial and utility sectors, exploitation could disrupt critical operations or enable unauthorized access to control systems.
The threat landscape for these devices includes Russian hackers, extortion groups, and state-sponsored actors. Attackers targeting these vulnerabilities could gain entry into networks that manage power grids, water treatment facilities, manufacturing plants, and hospital equipment. The lack of authentication requirements for certain functions makes the devices particularly susceptible to exploitation from anywhere on the internet.
Lantronix and Silex have been notified of the vulnerabilities. Both vendors are working with Forescout to develop patches and mitigation strategies. However, the widespread deployment of these devices means that many systems may remain exposed until updates are applied. The researchers emphasized that the vulnerabilities are severe enough to warrant immediate attention from organizations relying on these converters.
The discovery highlights ongoing risks in operational technology security, where legacy devices often lack modern security features. As industries increasingly connect critical systems to networks, the attack surface expands, creating new opportunities for malicious actors. The vulnerabilities underscore the need for robust security practices in industrial and healthcare environments.
Questions remain about the extent of existing exploitation and whether any attacks have already occurred using these flaws. Security experts are urging organizations to audit their networks for affected devices and implement compensating controls until patches are available. The situation continues to develop as vendors work to address the vulnerabilities and researchers monitor for emerging threats.