Serial-to-IP Converters Carry Thousands of Latent Bugs Across OT Networks

Original source: "Serial-to-IP Devices Hide Thousands of Old and New Bugs" (Dark Reading)

Serial-to-IP devices — the small gateways that bridge legacy serial equipment to modern Ethernet networks — are riddled with vulnerabilities, many inherited from decades-old firmware stacks that were never designed for internet exposure. These converters sit quietly in industrial environments, power systems, and building automation, translating RS-232/485 traffic onto TCP/IP, and they are routinely deployed with default credentials, unpatched web interfaces, and outdated cryptographic libraries.

The scale of the problem is structural rather than incidental. A single firmware base often ships across dozens of vendor-rebranded devices, so one flaw cascades into thousands of fielded units that are difficult to inventory, rarely patched, and frequently reachable from the public internet through Shodan-indexable management ports. The bugs span both freshly disclosed CVEs and long-known issues that have persisted because the devices have no auto-update mechanism and asset owners do not track them as IT endpoints.

The operational consequence is that an attacker who compromises a serial-to-IP gateway gains a pivot directly onto the OT side of a network — bypassing the segmentation that perimeter firewalls were assumed to enforce. Effective mitigation requires treating these converters as first-class network assets: inventorying them, removing internet exposure, isolating them on dedicated VLANs, and pressuring vendors to ship signed, updatable firmware.

This is an AI-generated summary. Read the original for the full story.