A fresh set of vulnerabilities in little-known but widely used industrial devices has been uncovered by cybersecurity researchers at Forescout Technologies, warning that attackers could exploit them to disrupt operations or manipulate real-world systems.
The firm’s research, to be released April 21, identified 22 previously unknown vulnerabilities in serial-to-IP converters — hardware used to connect legacy industrial equipment to modern networks.
The devices, produced by vendors including Lantronix and Silex, are commonly found in energy grids, manufacturing plants, hospitals and telecommunications systems, where they act as bridges between digital networks and physical processes.
“Serial-to-IP converters sit directly in the path between operators and physical systems, yet they often fall outside traditional security monitoring,” said Daniel dos Santos, vice president of research at Forescout.
Pathways to disruption
Forescout said the vulnerabilities could allow attackers to take control of devices remotely, move laterally across networks, disrupt operations and tamper with data flowing between systems.
In lab tests, researchers demonstrated how compromised devices could alter sensor readings, such as temperature or pressure, potentially causing incorrect responses in industrial processes or misleading operators.
The company also says it has identified tens of thousands of these devices exposed online.
A changing attack surface
Generally, the firm said the attack surface is broadening from traditional IT systems toward less visible infrastructure and “edge” devices.
According to its data, more than half of the most critically vulnerable assets now fall into categories such as network infrastructure and operational technology, rather than laptops and servers.
“These are the blind spots,” said dos Santos. “Devices that are connected, but not properly monitored or managed.”
Some of the riskiest devices this year also include routers and medication dispensing systems. Even printers and MRI scanners have proven to be cyberrisks.
For instance, last year, printer models from Brother and other vendors were revealed to have security holes, exposing them to hackers.
Many assets connected to corporate networks fall outside IT’s visibility, Forescout said — whether employees bringing personal devices or teams connecting unsanctioned gear. Serial-to-IP converters are a prime example, according to dos Santos: often installed to extend the life of legacy systems, they aren’t updated or secured to modern standards.
Where weaknesses lie
Despite the technical complexity of modern cyberthreats, many attacks continue to exploit basic issues such as default credentials, outdated firmware and misconfigurations.
As a result, Forescout urged organizations to patch affected devices, remove default credentials, restrict internet exposure, segment networks to limit attacker movement and monitor internal traffic.
“The challenge isn’t just sophisticated attacks,” said dos Santos. “It’s the lack of visibility into these devices in the first place.”