Lantronix EDS3000PS and EDS5000

Plan Patch | CVSS 9.8 | ICS-CERT ICSA-26-069-02 | Mar 10, 2026
Lantronix | Manufacturing
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Lantronix EDS5000 and EDS3000PS serial device servers contain multiple authentication bypass and command execution vulnerabilities (CVE-2025-67034, CVE-2025-67035, CVE-2025-67036, CVE-2025-67037, CVE-2025-67038). Successful exploitation allows an attacker to bypass authentication and execute code with root-level privileges, potentially enabling full control of the device and disruption of serial communications with connected industrial equipment.

What this means
What could happen
An attacker could bypass authentication and execute commands with root-level privileges on affected Lantronix serial device servers, potentially allowing remote control of critical infrastructure communication channels or connected industrial equipment.
Who's at risk
Manufacturing plants and critical infrastructure sites that use Lantronix EDS5000 or EDS3000PS serial device servers to connect engineering workstations or remote monitoring systems to serial-based industrial equipment (PLCs, RTUs, terminal servers, legacy instrumentation). Water authorities, electric utilities, and other utilities using these devices for remote plant access are affected.
How it could be exploited
An attacker on the network sends specially crafted requests to the device's network interface, bypassing authentication mechanisms. With root-level access obtained, the attacker can execute arbitrary commands to reconfigure the device, redirect serial traffic, or disrupt communications with attached PLCs, RTUs, or other industrial control systems.
Prerequisites
  • Network access to the Lantronix device's management port (typically port 9001 or SSH on port 22)
  • No valid credentials required to exploit authentication bypass
remotely exploitable | no authentication required | low complexity | critical CVSS (9.8) | high EPSS score (0.1% is low but vendor-confirmed critical issue) | root-level code execution possible
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (2)
1 with fix, 1 pending
Product | Affected Versions | Fix Status
EDS5000: 2.1.0.0R3 | 2.1.0.0R3 | 2.2.0.0R1
EDS3000PS: 3.1.0.0R2 | 3.1.0.0R2 | No fix yet
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to EDS5000 and EDS3000PS management interfaces (port 9001, SSH) to authorized engineering networks only using firewall rules
HARDENING: Ensure serial device servers are not directly accessible from the Internet; place them behind a firewall or VPN gateway
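
One way to check the workaround above against an exported rule set, as an added example that is not part of the advisory or any Lantronix tooling. The rule tuple format, device addresses and engineering subnet are constructed assumptions; only the ports (9001 and SSH on 22) come from the advisory.

```python
"""Audit firewall allow-rules for exposed Lantronix EDS management ports."""
import ipaddress

MGMT_PORTS = {9001, 22}  # management port and SSH, as named in the advisory

# Constructed sample data (assumptions, not taken from the advisory).
ENGINEERING_NETS = ["10.20.30.0/24"]
DEVICES = {"10.50.0.11": "EDS5000", "10.50.0.12": "EDS3000PS"}
ALLOW_RULES = [  # (source CIDR, destination CIDR, destination TCP port)
    ("10.20.30.0/24", "10.50.0.0/24", 9001),   # engineering net: fine
    ("10.20.30.16/28", "10.50.0.11/32", 22),   # subset of engineering net: fine
    ("0.0.0.0/0", "10.50.0.12/32", 9001),      # open to any source
    ("10.20.0.0/16", "10.50.0.0/24", 22),      # wider than the engineering net
    ("192.168.1.0/24", "10.50.0.11/32", 443),  # not a management port
]


def audit(rules, devices, engineering_nets):
    """Return (device_ip, model, port, source) for every allow-rule that opens
    a management port on a listed device to a source that is not fully
    contained in an authorized engineering network."""
    allowed = [ipaddress.ip_network(n) for n in engineering_nets]
    findings = []
    for src, dst, port in rules:
        if port not in MGMT_PORTS:
            continue
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        # subnet_of() only compares networks of the same IP version.
        if any(a.version == src_net.version and src_net.subnet_of(a)
               for a in allowed):
            continue
        for ip, model in devices.items():
            if ipaddress.ip_address(ip) in dst_net:
                findings.append((ip, model, port, src))
    return findings


if __name__ == "__main__":
    for ip, model, port, src in audit(ALLOW_RULES, DEVICES, ENGINEERING_NETS):
        print(f"{model} {ip}: port {port} allowed from {src}")
```

A source range counts as authorized only when it lies entirely inside an engineering network, so a broader supernet such as the /16 in the sample is reported along with the any-source rule.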
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update EDS5000 devices to firmware version 2.2.0.0R1 or later
Long-term hardening
HARDENING: Isolate Lantronix devices on a separate management network segment, not on the same network as business systems or untrusted devices
HARDENING: Implement network segmentation so that if an EDS3000PS (no patch available) is compromised, attackers cannot reach other OT devices or the main plant network
API: /api/v1/advisories/e8d81825-8978-4185-b147-2c38374369d3
