CISA Warns of Critical ZLAN ICS Flaws Allowing Complete Device Takeover
Key Takeaways
- The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert concerning two critical vulnerabilities in ZLAN Information Technology Co.’s ZLAN5143D industrial communication device.
- These flaws, discovered by KPMG researchers, could allow unauthenticated attackers to gain complete control over affected systems by bypassing authentication or resetting passwords remotely.
- The vulnerabilities, identified as CVE-2026-25084 and CVE-2026-24789, both carry a critical CVSS score of 9.8.
- The ZLAN5143D device is widely used in critical manufacturing sectors globally, and currently, no patch or specific update has been released by ZLAN Information Technology Co.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding severe security vulnerabilities discovered in a widely deployed industrial communication device manufactured by ZLAN Information Technology Co. The identified flaws affect the ZLAN5143D device, posing a significant risk to global critical manufacturing environments where it facilitates industrial control and communication functions.
According to CISA’s advisory, ICSA-26-041-02, successful exploitation of these weaknesses could enable malicious actors to achieve full control over compromised systems. Attackers could bypass existing authentication mechanisms or remotely reset device passwords, potentially leading to widespread disruption of operational technology (OT) systems and industrial processes.
The vulnerabilities specifically impact ZLAN5143D devices running version 1.600. Shorabh Karir and Deepak Singh, researchers from KPMG, are credited with discovering these critical issues and promptly reporting them to CISA.
Identified Critical Vulnerabilities
Two distinct vulnerabilities have been detailed, both rated with a critical CVSS score of 9.8:
- CVE-2026-25084: This vulnerability stems from missing authentication on a critical function, allowing a remote attacker to control the device without any credential check.
- CVE-2026-24789: This flaw allows an unauthenticated attacker to reset device passwords, leading directly to full system compromise.
Both CVEs affect ZLAN Information Technology Co.’s ZLAN5143D product, specifically version 1.600. The core issue lies in the absence of authentication for crucial functions, which grants unauthenticated attackers direct access to sensitive control commands.
Risk to Industrial Operators
Industrial operators who rely on the ZLAN5143D series face substantial cybersecurity risks, particularly if these devices are exposed to the internet or integrated into poorly segmented networks. The ability to bypass authentication and reset passwords means an attacker could modify configurations, interfere with control commands, or even use the device as a gateway to infiltrate broader industrial environments.
While CISA has stated that there is no known public exploitation of these vulnerabilities at this time, the risk remains high due to the widespread deployment of these devices and the critical CVSS scores assigned to the flaws.
What You Should Do
- Minimize network exposure for all control system devices and ensure they are not directly accessible from the internet.
- Place industrial control systems (ICS) and supervisory control and data acquisition (SCADA) networks behind robust firewalls.
- Isolate control networks from enterprise IT networks to prevent lateral movement in the event of a breach.
- Implement Virtual Private Networks (VPNs) for secure remote access, ensuring all VPN software is current and properly configured.
- Conduct a thorough impact analysis and risk assessment before deploying any of these defensive measures.
- Review CISA’s extensive industrial control systems security best practices.
- Consult CISA’s technical information paper, ICS-TIP-12-146-01B – Targeted Cyber Intrusion Detection and Mitigation Strategies, for additional mitigation guidance.
- Monitor for any official patches or updates from ZLAN Information Technology Co., as none are currently available.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.