Serial-to-IP Converters Vulnerability Threats Affecting Operational Technology and Healthcare Systems
Operational Technology and Healthcare Systems Exposed to Remote Hacking
Cybersecurity researchers have identified potentially serious vulnerabilities in serial-to-IP converters, which can expose operational technology (OT), healthcare, and other systems to remote hacking.
Serial-to-IP Converters: A Critical Weakness
These devices, used in various sectors including industrial, telecoms, retail, and energy, convert legacy serial equipment to modern Ethernet/IP networks, enabling remote communication with older industrial control systems and OT devices.
Vulnerabilities Exploited Without Authentication
- Command injection and remote code execution
- Firmware tampering
- Denial-of-service (DoS) attacks
- Device takeovers
Risks Posed by Serial-to-IP Converters
Attackers can exploit these flaws to manipulate data, disrupt operations, and extort organizations. Researchers demonstrated the potential impact of these vulnerabilities in real-world environments, showcasing scenarios where an attacker could:
- Tamper with data
- Manipulate sensor readings
- Disrupt essential services
Previously Targeted by Cyberattackers
The vulnerabilities can be exploited by targeting internet-exposed devices or those on local networks, which can be compromised via vulnerabilities or misconfigurations in edge devices such as routers and firewalls.
Patches Released, Advisory Published
Lantronix and Silex have released patches for their vulnerable devices, and the US Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory warning of the potential risks.
Comprehensive Report Coming Soon
Forescout plans to release a comprehensive report detailing the BRIDGE:BREAK vulnerabilities on April 21.
About Author
English