CISA Warns of Critical ZLAN ICS Flaws Allowing Complete Device Takeover

Marcus Rodriguez
February 16, 2026

Key Takeaways

  • The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert concerning two critical vulnerabilities in ZLAN Information Technology Co.’s ZLAN5143D industrial communication device.
  • These flaws, discovered by KPMG researchers, could allow unauthenticated attackers to gain complete control over affected systems by bypassing authentication or resetting passwords remotely.
  • The vulnerabilities, identified as CVE-2026-25084 and CVE-2026-24789, both carry a critical CVSS score of 9.8.
  • The ZLAN5143D device is widely used in critical manufacturing sectors globally, and currently, no patch or specific update has been released by ZLAN Information Technology Co.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding severe security vulnerabilities discovered in a widely deployed industrial communication device manufactured by ZLAN Information Technology Co. The identified flaws affect the ZLAN5143D device, posing a significant risk to global critical manufacturing environments where it facilitates industrial control and communication functions.

According to CISA’s advisory, ICSA-26-041-02, successful exploitation of these weaknesses could enable malicious actors to achieve full control over compromised systems. Attackers could bypass existing authentication mechanisms or remotely reset device passwords, potentially leading to widespread disruption of operational technology (OT) systems and industrial processes.

The vulnerabilities specifically impact ZLAN5143D devices running version 1.600. Shorabh Karir and Deepak Singh, researchers from KPMG, are credited with discovering these critical issues and promptly reporting them to CISA.

Identified Critical Vulnerabilities

Two distinct vulnerabilities have been detailed, both rated with a critical CVSS score of 9.8:

  • CVE-2026-25084: This vulnerability stems from a missing authentication requirement that permits remote control of the device without proper verification.
  • CVE-2026-24789: This flaw allows for unauthorized password resets, leading directly to full system compromise.

Both CVEs affect ZLAN Information Technology Co.’s ZLAN5143D product, specifically version 1.600. The core issue lies in the absence of authentication for crucial functions, which grants unauthenticated attackers direct access to sensitive control commands.

Risk to Industrial Operators

Industrial operators who rely on the ZLAN5143D series face substantial cybersecurity risks, particularly if these devices are exposed to the internet or integrated into poorly segmented networks. The ability to bypass authentication and reset passwords means an attacker could modify configurations, interfere with control commands, or even use the device as a gateway to infiltrate broader industrial environments.

While CISA has stated that there is no known public exploitation of these vulnerabilities at this time, the risk remains high due to the widespread deployment of these devices and the critical CVSS scores assigned to the flaws.

What You Should Do

  • Minimize network exposure for all control system devices and ensure they are not directly accessible from the internet.
  • Place industrial control systems (ICS) and supervisory control and data acquisition (SCADA) networks behind robust firewalls.
  • Isolate control networks from enterprise IT networks to prevent lateral movement in the event of a breach.
  • Implement Virtual Private Networks (VPNs) for secure remote access, ensuring all VPN software is current and properly configured.
  • Before implementing any defensive measures, conduct a comprehensive impact assessment.
  • Review CISA’s extensive industrial control systems security best practices.
  • Consult CISA’s technical information paper, ICS-TIP-12-146-01B – Targeted Cyber Intrusion Detection and Mitigation Strategies, for additional mitigation guidance.
  • Monitor for any official patches or updates from ZLAN Information Technology Co., as none are currently available.
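
As an added example (not from CISA's advisory or the original article), this Python script triages an asset inventory for ZLAN5143D devices and ranks them by the exposure conditions described above: direct internet reachability first, then lack of isolation from enterprise IT. The CSV columns, zone labels, and hostnames are constructed assumptions; adapt them to your own inventory export.

```python
import csv
import io

# Scope taken from the article: ZLAN5143D, version 1.600 (ICSA-26-041-02).
AFFECTED_MODEL = "ZLAN5143D"
AFFECTED_VERSION = "1.600"

# Constructed sample inventory. Column names and zone labels are assumptions;
# "reachable_from" lists the zones allowed to initiate connections to the device.
SAMPLE_INVENTORY = """hostname,model,firmware,zone,reachable_from
line1-gw,ZLAN5143D,1.600,ot,internet;enterprise
line2-gw,zlan5143d,V1.600,ot,enterprise
line3-gw,ZLAN5143D,,ot,ot-jump
hmi-01,OtherHMI,2.1,ot,ot-jump
"""

def normalize_version(raw):
    """Strip whitespace and a leading 'v'/'V' so 'V1.600' compares equal to '1.600'."""
    return raw.strip().lstrip("vV")

def triage(inventory_csv):
    """Return ZLAN5143D findings sorted by priority (1 = most urgent)."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["model"].strip().upper() != AFFECTED_MODEL:
            continue
        sources = {s.strip().lower()
                   for s in row["reachable_from"].split(";") if s.strip()}
        if "internet" in sources:
            priority, action = 1, "remove direct internet exposure"
        elif "enterprise" in sources:
            priority, action = 2, "isolate from enterprise IT network"
        else:
            priority, action = 3, "keep segmented; monitor for vendor patch"
        findings.append({
            "host": row["hostname"],
            "priority": priority,
            "action": action,
            # False means the firmware is unknown or differs from 1.600:
            # verify on the device rather than assuming it is unaffected.
            "confirmed_affected": normalize_version(row["firmware"]) == AFFECTED_VERSION,
        })
    return sorted(findings, key=lambda f: (f["priority"], f["host"]))

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        status = "confirmed 1.600" if f["confirmed_affected"] else "firmware unverified"
        print(f"P{f['priority']} {f['host']}: {f['action']} ({status})")
```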
