ICSA-26-041-02, a critical advisory published by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), highlights serious flaws in the ZLAN5143D serial-to-Ethernet device server manufactured by ZLAN Information Technology Co.
This equipment is widely used in industrial settings around the world, particularly in manufacturing, to connect legacy serial devices to contemporary networks. By taking advantage of these vulnerabilities, attackers could reset device passwords or completely circumvent authentication, gaining total administrative control. Operational technology (OT) environments are at risk from these threats, since interruptions could stop production lines or allow for more extensive network intrusions. Both vulnerabilities, which affect firmware version 1.600, carry a CVSS v3.1 score of 9.8 (Critical) because they are remotely exploitable, low in complexity, and require neither user interaction nor privileges.
The problems were found by KPMG security researchers Shorabh Karir and Deepak Singh, who noted that authentication was missing for important features. Although there are currently no known public exploits, the simplicity of the flaws makes them very appealing to threat actors seeking to engage in industrial sabotage.
Details of the Vulnerability
Inadequate security measures on administrative endpoints are the cause of these defects. CVE-2026-24789 permits attackers to freely change configurations or reset passwords, while CVE-2026-25084 permits unauthorized access to crucial functions without credentials. ZLAN5143D devices are frequently used in ICS configurations to connect IT and OT networks, which opens a path for lateral movement into control systems.

| CVE ID | CVSS Score | Description |
| --- | --- | --- |
| CVE-2026-25084 | 9.8 (Critical) | Unauthorized device access or control is made possible by missing authentication for a crucial function. |
| CVE-2026-24789 | 9.8 (Critical) | Authentication bypass permits configuration changes or password resets without credentials. |
CISA emphasizes removing these devices from the internet. Keep them off publicly reachable networks, isolate control networks from business ones, and put them behind firewalls. Use VPNs for critical remote access, but only on patched endpoints, because vulnerable connected devices compromise the VPN.
To prevent operational downtime, perform risk assessments first. Audit networks for ZLAN5143D exposure, apply vendor patches right away, and monitor for anomalies. Report any suspicious activity to CISA. This alert highlights the dangers of legacy ICS equipment in critical infrastructure; prompt mitigation is necessary to ensure manufacturing continuity.
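The audit step above, as an added example that is not from the advisory or the vendor: it triages an asset inventory for ZLAN5143D units on firmware 1.600 and ranks them by whether they sit inside the isolated control network. The CSV columns, hostnames, addresses and the control-network range are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

MODEL = "ZLAN5143D"
AFFECTED_FW = "1.600"  # firmware version the article names as affected

# Assumption: the site's isolated control-network ranges (hypothetical values).
CONTROL_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed sample inventory; hostnames, addresses and column names are made up.
SAMPLE_INVENTORY = """\
hostname,model,firmware,ip
press-line-gw1,ZLAN5143D,1.600,10.20.4.15
packaging-gw2,zlan5143d,v1.600,198.51.100.23
boiler-gw3,ZLAN5143D,,10.20.7.2
hmi-01,OtherVendor-HMI,3.2,10.20.9.9
office-gw4,ZLAN5143D ,1.600,192.168.50.8
"""


def normalize_fw(raw):
    """Strip whitespace and a leading 'v' so 'v1.600' and '1.600' compare equal."""
    return raw.strip().lower().lstrip("v")


def triage(inventory_csv, control_nets=CONTROL_NETS):
    """Return (priority, hostname, reason) tuples for every ZLAN5143D, worst first."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["model"].strip().upper() != MODEL:
            continue  # other device types are out of scope for this advisory
        addr = ipaddress.ip_address(row["ip"].strip())
        isolated = any(addr in net for net in control_nets)
        fw = normalize_fw(row["firmware"])
        if fw != AFFECTED_FW:
            # The article names only 1.600; any other value needs checking with the vendor.
            findings.append((3, row["hostname"], f"firmware '{fw or 'unknown'}': verify"))
        elif isolated:
            findings.append((2, row["hostname"], "affected firmware, inside control network"))
        else:
            findings.append((1, row["hostname"], "affected firmware, outside control network"))
    return sorted(findings)


if __name__ == "__main__":
    for priority, host, reason in triage(SAMPLE_INVENTORY):
        print(f"P{priority} {host}: {reason}")
```

Priority 1 entries are the ones to pull behind a firewall first; priority 3 entries have no firmware on record or a version the article does not mention, so they need confirmation before being ruled in or out.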