PatchSiren

CVE-2026-32958 Raw CVE debrief

CVE-2026-32958 is a hard-coded cryptographic key issue in Silex Technology SD-330AC and AMC Manager. According to CISA’s advisory, the flaw could cause an administrative user to be directed to apply a fake firmware update. Vendor fixes are available, and CISA also recommends protecting the settings web interface with a password.

Vendor: Raw
Product: Silex Technology SD-330AC <=1.42; AMC Manager <=5.0.2
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-21
Original CVE updated: 2026-04-21
Advisory published: 2026-04-21
Advisory updated: 2026-04-21

Who should care

Administrators and operators using Silex Technology SD-330AC devices or AMC Manager, especially teams responsible for firmware updates and settings web interface access in OT/ICS or similar managed environments.

Technical summary

The source advisory describes a use-of-hard-coded-cryptographic-key vulnerability affecting Silex Technology SD-330AC firmware up to and including 1.42 and AMC Manager up to and including 5.0.2. The stated impact is that an administrative user could be directed to apply a fake firmware update. The supplied CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N, which corresponds to a network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, and high integrity impact with no confidentiality or availability impact.

Defensive priority

Medium, with higher urgency for environments that routinely use the affected firmware update or settings interfaces.

Recommended defensive actions

  • Update SD-330AC firmware to version 1.50 or later.
  • Update AMC Manager to version 5.1.0 or later.
  • Set a password for the settings web interface, as recommended in the advisory.
  • Review the linked CISA and JPCERT/CC advisories for the vendor’s full remediation guidance.

Evidence notes

This debrief is based on CISA CSAF advisory ICSA-26-111-10 and the supplied CVE record. The source states that CVE-2026-32958 affects SD-330AC firmware <=1.42 and AMC Manager <=5.0.2, and that the issue could direct an administrative user to apply a fake firmware update. The advisory provides CVSS v3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N (6.5, MEDIUM) and an SSVCv2 line. No KEV entry was supplied. The vendor mapping in the source is marked low-confidence/needs review, so product naming should be validated against the official advisory if used operationally.

Official resources

Initial public disclosure occurred on 2026-04-21 UTC via CISA CSAF advisory ICSA-26-111-10; the CVE was published and modified the same day.