CISA Warns: ZLAN ICS Device Flaws Enable Full Takeover


CISA issued an urgent alert on two critical vulnerabilities in ZLAN Information Technology Co.’s ZLAN5143D industrial communication device. These flaws, tracked as CVE-2026-25084 and CVE-2026-24789, each score 9.8 on the CVSS scale and allow attackers to seize complete control without authentication.

The issues affect version 1.600 of the ZLAN5143D. This device handles key industrial control and communication tasks in manufacturing plants worldwide. Attackers can bypass login checks or reset passwords remotely, leading to unauthorized access.

Public exploits remain unknown so far. Still, the high severity and common internet exposure raise real risks for operational technology systems. CISA urges quick isolation of these devices from open networks.

Vulnerability Details

Researchers Shorabh Karir and Deepak Singh from KPMG found the flaws. They reported them responsibly to CISA, which published ICSA-26-041-02 on February 10, 2026. The advisory details full takeover paths via missing auth on vital functions.

No patches exist yet from ZLAN. Operators must limit exposure now. 

| CVE ID | CVSS Score | Description | Affected Product | Version |
|---|---|---|---|---|
| CVE-2026-25084 | 9.8 (Critical) | Missing authentication for remote control | ZLAN5143D | 1.600 |
| CVE-2026-24789 | 9.8 (Critical) | Unauthorized password reset | ZLAN5143D | 1.600 |

Risks to Industrial Systems

These flaws let attackers send control commands directly. They could tweak settings, halt operations, or pivot deeper into networks. Internet-facing or poorly segmented ZLAN devices face the highest threats.

Critical manufacturing relies on such gear for steady comms. A breach might cause downtime or safety issues. CISA notes no known attacks but stresses proactive steps due to easy exploitation.

Official Guidance

CISA recommends network isolation first. Keep control systems off business IT. Use firewalls, VPNs for any remote needs, and update software promptly.

See CISA’s ICS best practices: cisa.gov/ics. Extra tips are in ICS-TIP-12-146-01B on intrusion detection.

Mitigation Steps

  • Minimize internet exposure for ZLAN devices.
  • Deploy firewalls and segment OT networks.
  • Use VPNs for approved remote access only.
  • Assess impact and monitor for odd activity.
  • Watch CISA alerts for patch updates.
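
To support the "assess impact" and "minimize internet exposure" steps, the following added example (not from CISA, ZLAN, or the original article) triages an asset inventory for ZLAN5143D units on version 1.600 and orders them by network exposure. The CSV column names, the OT subnet 10.20.0.0/16, and the device names are assumptions made for illustration.

```python
import csv
import io
import ipaddress

AFFECTED_MODEL = "ZLAN5143D"   # affected product named in the article
AFFECTED_VERSION = "1.600"     # affected version named in the article
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
OT_SEGMENTS = [ipaddress.ip_network("10.20.0.0/16")]  # assumed site OT range

# Constructed inventory. 203.0.113.0/24 is a documentation range standing in
# for a public address; names and columns are hypothetical.
SAMPLE_INVENTORY = """name,model,firmware,ip
press-gw-1,ZLAN5143D,1.600,203.0.113.10
press-gw-2,zlan5143d,v1.600,10.20.4.7
office-gw,ZLAN5143D,1.600,192.168.1.50
lab-gw,ZLAN5143D,1.600,not-an-ip
other-gw,OtherModel,1.600,203.0.113.11
"""

def is_affected(row):
    # Normalise case and an optional leading "v" before comparing.
    model = row["model"].strip().upper()
    firmware = row["firmware"].strip().lower().lstrip("v")
    return model == AFFECTED_MODEL and firmware == AFFECTED_VERSION

def exposure(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return "unknown-address"       # cannot be placed: verify by hand
    if not any(ip in net for net in RFC1918):
        return "public-address"        # not private space: isolate first
    if not any(ip in net for net in OT_SEGMENTS):
        return "outside-ot-segment"    # private, but not in the OT range
    return "ot-segment"                # segmented, still unpatched

# Review order: most exposed first.
PRIORITY = ["public-address", "unknown-address", "outside-ot-segment", "ot-segment"]

def triage(inventory_csv):
    rows = csv.DictReader(io.StringIO(inventory_csv))
    hits = [(r["name"], exposure(r["ip"])) for r in rows if is_affected(r)]
    return sorted(hits, key=lambda h: PRIORITY.index(h[1]))

if __name__ == "__main__":
    for name, status in triage(SAMPLE_INVENTORY):
        print(f"{status:20} {name}")
```

Devices reported as ot-segment are still unpatched, so they stay on the monitoring list until a fix is available.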

FAQ

What do the ZLAN5143D vulnerabilities allow?

Full device takeover via auth bypass or password reset.

Which version is vulnerable?

ZLAN5143D v1.600. Update when patches drop.

Has ZLAN released fixes?

Not yet. Check vendor site regularly.

Are exploits public?

No known public attacks per CISA.

How to protect ICS devices?

Isolate networks, firewall external access, use VPNs.

Who found these flaws?

KPMG’s Shorabh Karir and Deepak Singh, reported to CISA.
