SecurityWeek


Lantronix Device Used in Critical Infrastructure Exposes Systems to Remote Hacking

Lantronix’s XPort device is affected by a critical vulnerability that can be used for takeover and disruption, including in the energy sector.


A vulnerability discovered in a Lantronix device that is used worldwide in various critical infrastructure sectors can expose systems to remote hacking.

An advisory published by the cybersecurity agency CISA last week revealed that a critical missing authentication vulnerability has been found in Lantronix XPort, a product that enables remote connectivity and control for devices. The security hole enables an attacker to gain unauthorized access to the device’s configuration interface.

The XPort product is deployed around the world in sectors such as critical manufacturing, transportation systems, water, and energy, according to CISA. The vendor’s website shows that the product is used for, among other things, traffic lights, industrial product manufacturing, and surveillance systems.

The vulnerable product is commonly deployed in the oil and gas industry, according to Souvik Kandar, the Microsec researcher who discovered the flaw. 

Kandar told SecurityWeek that he has identified more than 1,400 internet-exposed XPort instances, including over 300 deployed in oil and gas infrastructure, such as gas station fuel management systems.

The researcher warned that an attacker could exploit the vulnerability to remotely gain full control of a targeted device, including its configuration and operational parameters.


Hackers could pivot to other connected systems on the network and cause critical infrastructure organizations significant problems with regulators and customers.

For organizations in the energy industry, specifically fuel stations, hackers could manipulate inventory and sensor data, and cause safety hazards by interfering with automatic tank gauging (ATG) systems. All this could lead to service disruptions and financial loss, the researcher said.

“Given the nature of deployment and the number of exposed instances, this vulnerability poses a significant cybersecurity risk to the energy sector, particularly fuel and gas distribution systems,” Kandar said.

Lantronix has been notified, but it does not appear to have released a patch, according to CISA’s advisory. Instead, the vendor has advised customers to migrate to its XPort Edge product, which is not impacted by the vulnerability. 


Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
