OT

ot-security 2026-04-22
BRIDGE:BREAK — 22 Flaws in Lantronix and Silex Serial-to-IP Converters, ~20,000 Devices Exposed
Forescout's Vedere Labs disclosed 22 CVEs in Lantronix EDS3000PS/EDS5000 and Silex SD330-AC serial-to-IP converters, including unauthenticated RCE, hard-coded keys, and null admin passwords. Roughly 20,000 devices sit directly on the public internet.
bridgebreak lantronix silex ics ot serial-to-ip forescout cve-2026-32955 cve-2025-67041
OT Security 2026-04-19
ZionSiphon: OT Sabotage Malware Targeting Israeli Water and Desalination Plants
Darktrace dissects ZionSiphon, a politically motivated OT malware built to tamper with chlorine and pressure in Israeli water systems. Broken by bad crypto, but the blueprint is real.
OT ICS SCADA malware critical-infrastructure Israel Darktrace Modbus S7comm
vulnerability 2026-04-02
CVE-2026-32746: 32-Year-Old GNU Telnetd Bug Gives Unauthenticated Attackers Root via Port 23
A CVSS 9.8 pre-authentication buffer overflow in GNU inetutils telnetd lets remote attackers get root before the login prompt. Patch is incomplete across major distros and a public PoC exists.
telnet rce buffer-overflow gnu-inetutils ics ot cve-2026-32746

BRIDGE:BREAK — 22 Flaws in Lantronix and Silex Serial-to-IP Converters, ~20,000 Devices Exposed