Unpatchable & Critical: CISA Issues CVSS 10.0 Alert for Synectix Adapters

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a maximum-severity alert for the Synectix LAN 232 TRIO, a legacy serial-to-ethernet adapter. The vulnerability, tracked as CVE-2026-1633, carries a CVSS score of 10.0, representing the highest possible level of risk.

The flaw is as simple as it is devastating: the device completely fails to secure its administrative interface. This means anyone with network access can walk right in without a password.

The advisory describes a catastrophic failure in access control. According to CISA, the device “exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device”.

Because there is no authentication barrier, an attacker does not need to steal credentials or exploit complex code. They simply need to navigate to the device’s IP address to take full control.

The impact of this vulnerability is total system compromise. CISA warns that “successful exploitation of this vulnerability could result in an unauthenticated attacker modifying critical device settings or factory resetting the device”.

For industrial environments relying on these adapters to connect legacy machinery to modern networks, a factory reset could sever communications, causing downtime or loss of visibility into critical processes.

Perhaps the most concerning aspect of this advisory is that there is no fix. The vendor, Synectix, has ceased operations, leaving the hardware unsupported and vulnerable forever.

The advisory warns: “The affected products should be considered end-of-life, as Synectix is no longer in business and therefore firmware fixes, mitigations and updates will be unavailable”.

With no patch available and a CVSS score of 10, the only safe course of action is physical removal. Organizations are urged to identify any Synectix LAN 232 TRIO devices remaining on their networks and replace them with supported alternatives immediately. As the report implies, continuing to use this hardware is a risk that can no longer be mitigated.

Related Posts:

• CVE-2026-0625: Critical Actively Exploited RCE Hits Unpatchable D-Link Routers
• Unit 42 Uncovers Two Massive Global Malware Campaigns Delivering Gh0st RAT Through Large-Scale Software Impersonation
• Trio of SQL Injection Flaws Strike Amazon Redshift Drivers: Patch Immediately
• The Unpatchable Leak: Sony’s PS5 Security Crumples as BootROM Keys Hit the Web