CISA has issued an alert regarding two critical flaws in ZLAN Information Technology Co.’s ZLAN5143D industrial communication device, widely deployed in manufacturing and operational technology (OT) environments.
Vulnerability Details
- CVE‑2026‑25084 (CVSS 9.8) → Missing authentication enables remote device control.
- CVE‑2026‑24789 (CVSS 9.8) → Unauthorized password reset leads to full compromise.
- Affected version: ZLAN5143D v1.600.
- Impact: Attackers can bypass authentication, reset passwords, and gain complete control of the device.
Risk to Industrial Operators
- Devices exposed to the internet or poorly segmented networks are at high risk.
- Exploitation could allow attackers to:
  - Alter configurations.
  - Disrupt control commands.
  - Use compromised devices as entry points into wider OT environments.
- While no public exploitation is known yet, the widespread deployment and severity scores make this a high‑priority risk.
Recommended Mitigations
- Isolate control networks from business IT environments.
- Restrict external access to ICS devices.
- Minimize network exposure: place devices behind firewalls.
- Use VPNs for authorized remote access.
- Keep software updated and audit device configurations.
- Review CISA’s ICS best practices and technical guidance (ICS‑TIP‑12‑146‑01B).
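One way to audit the segmentation and exposure items above is sketched below. It is an added example, not taken from the CISA alert or from ZLAN: it finds ZLAN5143D v1.600 units in an asset inventory and lists any firewall allow rule that lets a source outside the trusted OT or VPN ranges reach them. The inventory columns, rule format, addresses and trusted ranges are all constructed assumptions.

```python
import csv, io, ipaddress

AFFECTED_MODEL = "ZLAN5143D"    # from the advisory
AFFECTED_VERSION = "v1.600"     # from the advisory

# Constructed sample inventory export (hypothetical column names and values).
INVENTORY_CSV = """ip,model,firmware
10.20.1.15,ZLAN5143D,v1.600
10.20.1.16,ZLAN5143D,v1.600
10.20.2.40,ZLAN5143D,other-version
10.20.1.90,OtherGateway,other-version
"""

# Constructed firewall allow rules as (source CIDR, destination CIDR).
ALLOW_RULES = [
    ("10.20.0.0/24", "10.20.1.0/24"),     # OT jump hosts -> device subnet
    ("0.0.0.0/0", "10.20.1.16/32"),       # leftover any-source rule
    ("192.168.50.0/24", "10.20.2.0/24"),  # business LAN -> other subnet
]

# Assumption: only the OT management subnet and the VPN pool may reach devices.
TRUSTED = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "10.99.0.0/24")]

def affected_devices(inventory_csv):
    """Return addresses of inventory rows matching the affected model and version."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [ipaddress.ip_address(r["ip"]) for r in rows
            if r["model"] == AFFECTED_MODEL and r["firmware"] == AFFECTED_VERSION]

def untrusted_paths(device, rules, trusted):
    """Return source CIDRs allowed to reach `device` that lie outside every trusted range."""
    findings = []
    for src, dst in rules:
        src_net, dst_net = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if device in dst_net and not any(src_net.subnet_of(t) for t in trusted):
            findings.append(str(src_net))
    return findings

def triage(inventory_csv, rules, trusted):
    """Map each affected device address to the untrusted sources that can reach it."""
    return {str(d): untrusted_paths(d, rules, trusted)
            for d in affected_devices(inventory_csv)}

if __name__ == "__main__":
    for ip, sources in triage(INVENTORY_CSV, ALLOW_RULES, TRUSTED).items():
        status = "EXPOSED to " + ", ".join(sources) if sources else "segmented"
        print(f"{ip} {AFFECTED_MODEL} {AFFECTED_VERSION}: {status}")
```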
Final Thought
The ZLAN5143D vulnerabilities highlight how authentication gaps in ICS devices can translate into full system compromise. For industrial operators, the lesson is clear: segmentation, patching, and proactive monitoring are non‑negotiable in protecting critical infrastructure.