What happened
The U.S. cybersecurity agency CISA has issued an alert about two critical vulnerabilities affecting the ZLAN5143D industrial communication device manufactured by ZLAN Information Technology Co. The vulnerabilities, tracked as CVE-2026-25084 and CVE-2026-24789, stem from missing authentication controls and unauthorized password reset functionality, allowing attackers to bypass authentication and gain full remote control of affected devices.
The vulnerabilities carry a CVSS severity score of 9.8 and impact version 1.600 of the device, which is widely used in industrial control and communication systems within manufacturing environments. Researchers Shorabh Karir and Deepak Singh from KPMG discovered and reported the flaws. Successful exploitation could allow attackers to access sensitive control commands, alter device configurations, and potentially disrupt industrial operations. As of the advisory, ZLAN Information Technology Co. had not released a patch addressing the vulnerabilities.
Who is affected
Organizations using the ZLAN5143D industrial communication device, particularly those operating industrial control systems and manufacturing environments, are affected if vulnerable versions are exposed to networks accessible by attackers.
Why CISOs should care
The vulnerabilities affect industrial communication devices used in operational technology environments, where unauthorized access could compromise industrial control systems and disrupt operational processes.
3 practical actions
- Identify vulnerable ZLAN devices. Locate and inventory ZLAN5143D version 1.600 devices deployed in operational environments.
- Restrict external access. Ensure affected ICS devices are not directly exposed to public networks.
- Monitor for unauthorized access activity. Review device logs and network activity for signs of authentication bypass or configuration changes.
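
The first two actions can be run against an asset-inventory export. The Python example below is added here and is not part of the advisory or any vendor tooling: it picks out ZLAN5143D devices on version 1.600 and lists first those whose management address is outside the approved OT ranges or not recorded. The CSV column names, the approved range `10.20.0.0/16` and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# Affected model and version, as stated in the summary above.
AFFECTED_MODEL = "ZLAN5143D"
AFFECTED_VERSION = "1.600"

# Assumption: address ranges this site has approved for OT devices.
APPROVED_OT_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed sample export; the column names are assumptions.
SAMPLE_INVENTORY = """hostname,model,firmware,mgmt_ip
press-gw-01,ZLAN5143D,1.600,10.20.4.15
press-gw-02,zlan5143d,V1.600,203.0.113.7
oven-gw-01,ZLAN5143D,1.598,10.20.4.16
hmi-03,OtherVendor-X,1.600,10.20.8.2
pack-gw-09,ZLAN5143D , 1.600,not-recorded
"""

def normalize_version(raw):
    """Strip whitespace and a leading 'v'/'V' so 'V1.600' matches '1.600'."""
    return raw.strip().lstrip("vV")

def placement(raw_ip):
    """Classify a management address against the approved OT ranges."""
    try:
        ip = ipaddress.ip_address(raw_ip.strip())
    except ValueError:
        return "unknown-address"  # no usable address: locate the device by hand
    if any(ip in net for net in APPROVED_OT_NETS):
        return "approved-segment"
    return "outside-approved-segment"

def triage(inventory_csv):
    """Return (hostname, placement) for affected devices, riskiest first."""
    order = {"outside-approved-segment": 0, "unknown-address": 1, "approved-segment": 2}
    hits = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["model"].strip().upper() != AFFECTED_MODEL:
            continue
        if normalize_version(row["firmware"]) != AFFECTED_VERSION:
            continue  # only the version named in the summary is matched
        hits.append((row["hostname"].strip(), placement(row["mgmt_ip"])))
    return sorted(hits, key=lambda h: order[h[1]])

if __name__ == "__main__":
    for host, where in triage(SAMPLE_INVENTORY):
        print(f"{host}: {where}")
```

Devices reported as `outside-approved-segment` or `unknown-address` are the ones to check first against the "restrict external access" action.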
