Critical Vulnerabilities in ZLAN Serial-to-Ethernet Devices Expose Industrial Networks to Remote Takeover
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory (ICSA-26-041-02) highlighting two severe vulnerabilities in ZLAN Information Technology Co.’s ZLAN5143D serial-to-Ethernet device server, a widely used component in industrial environments. These flaws, discovered by KPMG researchers Shorabh Karir and Deepak Singh, allow attackers to bypass authentication entirely or reset device passwords, granting full administrative control without requiring credentials or user interaction.
The vulnerabilities, CVE-2026-25084 (missing authentication for critical functions) and CVE-2026-24789 (authentication bypass for password resets), both carry a CVSS v3.1 score of 9.8 (Critical) because they are exploitable over the network with low attack complexity and need neither privileges nor user interaction. The affected firmware version is 1.600. No public exploits have been reported, but flaws this simple are attractive to threat actors seeking to disrupt industrial operations or to use the device as a foothold for moving laterally into operational technology (OT) networks.
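The two flaw classes the advisory names are easier to reason about next to a hardened counterpart. The following is an added, constructed model of a device server's web configuration API, written for this page; it is not ZLAN firmware and does not claim to reproduce how the ZLAN5143D actually fails. The paths (`/set_serial`, `/reset_password`, `/login`), the `Device` state and the request dictionaries are assumptions of the example. The vulnerable handler exposes a state-changing function with no authentication check and lets any caller overwrite the admin password; the hardened handler puts a single session gate in front of every route and requires the current password again before it will change it.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed model of a serial-to-Ethernet device's web configuration API.
# It is NOT ZLAN firmware; it only illustrates the two flaw classes the advisory
# names (missing authentication for a critical function, and a password reset
# that bypasses authentication) next to a hardened variant.


def _hash(password: str) -> bytes:
    # Toy hash for the model; real firmware should use a salted, slow KDF.
    return hashlib.sha256(password.encode()).digest()


@dataclass
class Device:
    admin_pw_hash: bytes
    baud: int = 9600                               # "critical function": serial line config
    sessions: set = field(default_factory=set)     # currently valid session tokens


def make_device(admin_password: str) -> Device:
    return Device(admin_pw_hash=_hash(admin_password))


def verify_password(dev: Device, password: str) -> bool:
    # Constant-time comparison so the check does not leak via timing.
    return hmac.compare_digest(_hash(password), dev.admin_pw_hash)


def vulnerable_handle(dev: Device, req: dict) -> tuple:
    """Flawed handler: nothing checks who is calling."""
    path = req["path"]
    if path == "/set_serial":
        dev.baud = int(req["baud"])                      # no authentication at all
        return 200, "ok"
    if path == "/reset_password":
        dev.admin_pw_hash = _hash(req["new_password"])   # no proof the caller owns the account
        return 200, "ok"
    return 404, "not found"


def hardened_handle(dev: Device, req: dict) -> tuple:
    """Hardened handler: every state-changing path needs a valid session, and a
    password change additionally requires re-proving the current password."""
    path = req["path"]
    session = req.get("session")
    if path == "/login":
        if not verify_password(dev, req.get("password", "")):
            return 401, "bad credentials"
        token = secrets.token_hex(16)
        dev.sessions.add(token)
        return 200, token
    if session not in dev.sessions:                      # one gate in front of every other route
        return 401, "authentication required"
    if path == "/set_serial":
        dev.baud = int(req["baud"])
        return 200, "ok"
    if path == "/reset_password":
        if not verify_password(dev, req.get("current_password", "")):
            return 403, "current password required"
        dev.admin_pw_hash = _hash(req["new_password"])
        dev.sessions.clear()                             # force re-login everywhere after a change
        return 200, "ok"
    return 404, "not found"


if __name__ == "__main__":
    dev = make_device("admin123")
    print(vulnerable_handle(dev, {"path": "/reset_password", "new_password": "pwned"}))
    print(hardened_handle(make_device("admin123"), {"path": "/reset_password", "new_password": "pwned"}))
```

The structural point is the placement of the check: in the hardened version the session test runs before the route dispatch, so a newly added endpoint cannot accidentally ship without it, and the password-change route treats possession of a session as insufficient on its own.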
ZLAN5143D devices are commonly deployed in manufacturing and industrial control systems (ICS), where they bridge legacy serial equipment with modern Ethernet networks. Exploitation could lead to production halts, unauthorized configuration changes, or deeper network intrusions, particularly in environments where OT and IT networks intersect.
CISA recommends immediate mitigation steps: isolate the devices from the internet, place control networks behind firewalls and segment them from the business network, and, where remote access is unavoidable, route it through a VPN, with the caveat that the VPN endpoints then become the exposed surface and must themselves be kept patched. Organizations are urged to audit their networks for exposed devices, apply vendor patches, and monitor for anomalous activity. The advisory underscores the risks posed by outdated ICS hardware in critical infrastructure, where unaddressed vulnerabilities can have cascading operational impacts.
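Two of those recommendations, auditing for exposed devices and monitoring for anomalous activity, can be checked from the same evidence: a log of who reached the device servers and what they asked for. The following added example (written for this page, not part of the advisory or the original article) runs that check over a constructed log. The log format, the addresses, the management subnet and the endpoint paths are all assumptions; `203.0.113.77` stands in for an internet source that segmentation should have blocked. Any hit from outside the management subnet shows the device is reachable from where it should not be, and a successful call to a state-changing endpoint from such a source is exactly the unauthenticated configuration change the advisory warns about.

```python
import ipaddress
import re

# Constructed sample log (format, addresses and paths are assumptions for this
# example, not the ZLAN5143D's real interface): one line per HTTP request that a
# firewall or proxy in front of the OT segment observed.
SAMPLE_LOG = """\
2026-02-10T08:01:12Z src=10.20.5.14 dst=192.168.50.21 method=GET path=/status code=200
2026-02-10T08:03:44Z src=203.0.113.77 dst=192.168.50.21 method=POST path=/reset_password code=200
2026-02-10T08:04:01Z src=203.0.113.77 dst=192.168.50.21 method=POST path=/set_serial code=200
2026-02-10T08:05:19Z src=10.20.5.14 dst=192.168.50.22 method=POST path=/set_serial code=200
2026-02-10T09:12:03Z src=10.20.7.9 dst=192.168.50.22 method=POST path=/reset_password code=401
"""

# Inventory and policy (assumed values): the inventoried device-server addresses,
# the subnet the engineering jump hosts live on, and the paths that change state.
DEVICE_SERVERS = {"192.168.50.21", "192.168.50.22"}
MANAGEMENT_NETS = [ipaddress.ip_network("10.20.5.0/24")]
CRITICAL_PATHS = {"/set_serial", "/reset_password"}

LINE_RE = re.compile(
    r"(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"method=(?P<method>\S+) path=(?P<path>\S+) code=(?P<code>\d+)"
)


def parse_log(text: str):
    """Yield one event dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["code"] = int(ev["code"])
            yield ev


def is_management_host(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in MANAGEMENT_NETS)


def find_alerts(text: str) -> list:
    """Flag traffic to the device servers that segmentation should prevent,
    plus every successful call to a state-changing endpoint."""
    alerts = []
    for ev in parse_log(text):
        if ev["dst"] not in DEVICE_SERVERS:
            continue
        outside = not is_management_host(ev["src"])
        critical_ok = ev["path"] in CRITICAL_PATHS and ev["code"] == 200
        if not (outside or critical_ok):
            continue
        if outside and critical_ok:
            severity = "high"      # a critical function was actually used from outside
        elif outside:
            severity = "medium"    # device reachable from a non-management source at all
        else:
            severity = "info"      # legitimate change; keep it for the audit trail
        alerts.append({"ts": ev["ts"], "src": ev["src"], "dst": ev["dst"],
                       "path": ev["path"], "severity": severity})
    return alerts


def sources_by_severity(alerts: list, severity: str) -> set:
    return {a["src"] for a in alerts if a["severity"] == severity}


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(alert)
```

The "medium" tier is deliberately noisy: on a correctly segmented network it should never fire, so a single hit is itself an audit finding about exposure, independent of whether the request succeeded. The "info" tier gives the change-management record that lets a defender tell an approved baud-rate change from an attacker's.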
Source: https://cyberpress.org/zlan-ics-flaws/
ZLAN Information Technology Co. TPRM report: https://www.rankiteo.com/company/zlan-technologies-ltd.
"id": "zla1771281217",
"linkid": "zlan-technologies-ltd.",
"type": "Vulnerability",
"date": "2/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Manufacturing and industrial control systems (ICS) environments',
                        'industry': 'Industrial Control Systems (ICS)',
                        'name': 'ZLAN Information Technology Co.',
                        'type': 'Vendor'}],
 'attack_vector': 'Remote',
 'description': 'The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory (ICSA-26-041-02) highlighting two severe vulnerabilities in ZLAN Information Technology Co.’s ZLAN5143D serial-to-Ethernet device server. These flaws allow attackers to bypass authentication entirely or reset device passwords, granting full administrative control without requiring credentials or user interaction. The vulnerabilities affect firmware version 1.600 and could lead to production halts, unauthorized configuration changes, or deeper network intrusions in industrial environments.',
 'impact': {'downtime': 'Production halts',
            'operational_impact': 'Unauthorized configuration changes, deeper network intrusions',
            'systems_affected': 'ZLAN5143D serial-to-Ethernet device servers'},
 'post_incident_analysis': {'corrective_actions': 'Apply vendor patches, isolate devices, segment networks, monitor for anomalies',
                            'root_causes': 'Missing authentication for critical functions, authentication bypass for password resets'},
 'recommendations': 'Audit networks for exposed devices, apply vendor patches, and monitor for anomalous activity. Isolate devices from the internet, segment control networks, and use VPNs for remote access.',
 'references': [{'source': 'CISA Advisory'},
                {'source': 'KPMG Researchers (Shorabh Karir and Deepak Singh)'}],
 'regulatory_compliance': {'regulatory_notifications': 'CISA advisory (ICSA-26-041-02)'},
 'response': {'containment_measures': ['Isolating devices from the internet',
                                       'Segmenting control networks',
                                       'Using VPNs for remote access'],
              'enhanced_monitoring': 'Monitor for anomalous activity',
              'network_segmentation': 'Segmenting control networks',
              'remediation_measures': 'Apply vendor patches'},
 'title': 'Critical Vulnerabilities in ZLAN Serial-to-Ethernet Devices Expose Industrial Networks to Remote Takeover',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': ['CVE-2026-25084', 'CVE-2026-24789']}