Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

“Once activated, the weaponized firmware could cause serial-to-IP converters to stop responding on the network. Potential impacts include: analyzers stop reporting results to laboratory information systems, creating processing backlogs; surgical lighting controllers become unresponsive to remote commands; infusion pump calibration and certification workflows are halted; telemetry from environmental sensors is interrupted; Patient monitors lose network connectivity,” the researchers explained.Lantronix and Silex have both been notified and they have released patches. The cybersecurity agency CISA recently published anadvisorydescribing the Lantronix vulnerabilities.Silexhas published an advisory on its own website.It’s important for organizations not to ignore the risks posed by the use of serial-to-IP converters, as these devices have been targeted in the wild. They were targeted by Russian hackers in the2015 Ukraine energy attackand, more recently, in attacks targetingenergy facilities in Poland.Forescout will publish a report detailing the BRIDGE:BREAK vulnerabilities on Tuesday, April 21.Related:Lantronix Device Used in Critical Infrastructure Exposes Systems to Remote HackingRelated:1,000 Instantel Industrial Monitoring Devices Possibly Exposed to HackingRelated:ZionSiphon Malware Targets ICS in Water Facilities

Lantronix and Silex have both been notified and they have released patches. The cybersecurity agency CISA recently published anadvisorydescribing the Lantronix vulnerabilities.Silexhas published an advisory on its own website.It’s important for organizations not to ignore the risks posed by the use of serial-to-IP converters, as these devices have been targeted in the wild. They were targeted by Russian hackers in the2015 Ukraine energy attackand, more recently, in attacks targetingenergy facilities in Poland.Forescout will publish a report detailing the BRIDGE:BREAK vulnerabilities on Tuesday, April 21.Related:Lantronix Device Used in Critical Infrastructure Exposes Systems to Remote HackingRelated:1,000 Instantel Industrial Monitoring Devices Possibly Exposed to HackingRelated:ZionSiphon Malware Targets ICS in Water Facilities

It’s important for organizations not to ignore the risks posed by the use of serial-to-IP converters, as these devices have been targeted in the wild. They were targeted by Russian hackers in the2015 Ukraine energy attackand, more recently, in attacks targetingenergy facilities in Poland.Forescout will publish a report detailing the BRIDGE:BREAK vulnerabilities on Tuesday, April 21.Related:Lantronix Device Used in Critical Infrastructure Exposes Systems to Remote HackingRelated:1,000 Instantel Industrial Monitoring Devices Possibly Exposed to HackingRelated:ZionSiphon Malware Targets ICS in Water Facilities

Forescout will publish a report detailing the BRIDGE:BREAK vulnerabilities on Tuesday, April 21.Related:Lantronix Device Used in Critical Infrastructure Exposes Systems to Remote HackingRelated:1,000 Instantel Industrial Monitoring Devices Possibly Exposed to HackingRelated:ZionSiphon Malware Targets ICS in Water Facilities

Related:Lantronix Device Used in Critical Infrastructure Exposes Systems to Remote HackingRelated:1,000 Instantel Industrial Monitoring Devices Possibly Exposed to HackingRelated:ZionSiphon Malware Targets ICS in Water Facilities

Related:1,000 Instantel Industrial Monitoring Devices Possibly Exposed to HackingRelated:ZionSiphon Malware Targets ICS in Water Facilities

Related:ZionSiphon Malware Targets ICS in Water Facilities

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment.

Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.

Source: SecurityWeek