Lantronix device used in critical infrastructure exposes systems to remote hacking

A vulnerability discovered in a Lantronix device that is used worldwide in various critical infrastructure sectors can expose systems to remote hacking.

An advisory published by the cybersecurity agency CISA last week revealed that a critical missing authentication vulnerability has been found in Lantronix XPort, a product that enables remote connectivity and control for devices. The security hole enables an attacker to gain unauthorized access to the device’s configuration interface.

The XPort product is deployed around the world in sectors such as critical manufacturing, transportation systems, water, and energy, according to CISA. The vendor’s website shows that the product is used, among others, for traffic lights, industrial product manufacturing, and surveillance systems.

Read more at Security Week