Multiple unauthenticated vulnerabilities (collectively BRIDGE:BREAK) in Silex and Lantronix serial-to-IP converters enable remote code execution, command injection, denial-of-service, and device hijacking, posing significant risks to critical infrastructure sectors like healthcare and OT. The article does not provide specific CVSS scores, affected version ranges, fixed version numbers, or workarounds. Forescout Technologies disclosed the flaws, and both vendors have issued fixes following the disclosure.
Vulnerability Management , Patch/Configuration Management , Critical Infrastructure Security Several flaws found in serial-to-IP converters used in critical sectors April 21, 2026 Share By SC Staff (Adobe Stock) SecurityWeek reports that Forescout Technologies identified 20 new vulnerabilities in Sliex and Lantronix serial-to-IP converters, or serial device servers, that can be exploited without authentication, potentially exposing healthcare, operational technology , and other systems to remote attacks. Attackers could weaponize the flaws, which are collectively known as BRIDGE:BREAK, to enable OS command injection, remote code execution, denial-of-service intrusions, firmware tampering, and device hijacking, as well as arbitrary file uploads, authentication evasion, and information gathering, reported Forescout researchers. Actively exploited firmware could prevent serial-to-IP converters from responding on the network. "Potential impacts include: analyzers stop reporting results to laboratory information systems, creating processing backlogs; surgical lighting controllers become unresponsive to remote commands; infusion pump calibration and certification workflows are halted; telemetry from environmental sensors is interrupted; Patient monitors lose network connectivity," said researchers, who are poised to release more details on the vulnerabilities. Fixes have already been issued by both Lantronix and Silex following Forescout's disclosure. SC Staff Related Vulnerability Management Another Cisco Catalyst SD-WAN Manager bug added to CISA list Steve Zurier April 21, 2026 CISA flags new Cisco SD-WAN flaw amid active exploit chains, urging rapid patching. Data Security Lovable AI coding platform faces scrutiny over data exposure SC Staff April 21, 2026 A security researcher, operating under the handle @weezerOSINT, reported that a simple free account on Lovable provided access to other users' source code and database credentials. Network Security GreyNoise finds attacker activity surges before vulnerability disclosures Laura French April 21, 2026 The median lead time between activity surge and advisory publication was 11 days. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Bug Buffer Overflow Disassembly You can skip this ad in 5 seconds