PatchSiren cyber security CVE debrief
CVE-2026-32959 Raw CVE debrief
CVE-2026-32959 is a medium-severity weakness in Silex Technology SD-330AC and AMC Manager that can let an attacker recover information through a man-in-the-middle scenario. The CISA CSAF advisory published on 2026-04-21 identifies the issue as a Use of a Broken or Risky Cryptographic Algorithm problem and points to vendor fixes in SD-330AC firmware 1.50+ and AMC Manager 5.1.0+.
- Vendor
- Raw
- Product
- Silex Technology SD-330AC <=1.42 AMC Manager <=5.0.2
- CVSS
- MEDIUM 5.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-21
- Original CVE updated
- 2026-04-21
- Advisory published
- 2026-04-21
- Advisory updated
- 2026-04-21
Who should care
IT/OT administrators, network security teams, and integrators who deploy Silex Technology SD-330AC firmware 1.42 or earlier and AMC Manager 5.0.2 or earlier should review this immediately. Environments that rely on these products across shared, routed, or otherwise untrusted networks should treat the confidentiality risk as more urgent.
Technical summary
The advisory describes a cryptographic weakness that can be abused in a man-in-the-middle position to retrieve information. The supplied CVSS 3.1 vector is AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N, which is consistent with a network-reachable confidentiality issue with no integrity or availability impact reported. The source also includes SSVCv2/E:N/A:N with a 2026-04-20 timestamp, and the CWE reference aligns with CWE-327 (Use of a Broken or Risky Cryptographic Algorithm).
Defensive priority
Medium overall, but prioritize faster remediation for any deployment exposed to untrusted networks or used to protect sensitive information.
Recommended defensive actions
- Upgrade Silex Technology SD-330AC firmware to Ver. 1.50 or later.
- Upgrade AMC Manager to Ver. 5.1.0 or later.
- Review where these products are deployed and reduce exposure to untrusted or shared network paths until patched.
- Apply segmentation and defense-in-depth controls recommended by CISA for industrial control systems.
- Use the vendor and JPCERT/CC advisories referenced by the source to confirm product-specific remediation steps and deployment guidance.
Evidence notes
This debrief is based on the supplied CISA CSAF advisory ICSA-26-111-10 for CVE-2026-32959 and the associated remediation entries. The source states that the issue affects Silex Technology SD-330AC <=1.42 and AMC Manager <=5.0.2, describes the weakness as a broken or risky cryptographic algorithm that could allow information retrieval via a man-in-the-middle attack, and lists the fixed versions. Timing context uses the provided CVE published/modified timestamps of 2026-04-21T06:00:00.000Z; no later issue date is inferred.
Official resources
-
CVE-2026-32959 CVE record
CVE.org
-
CVE-2026-32959 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Initial public disclosure is reflected by the supplied CVE published timestamp and the CISA CSAF advisory publication on 2026-04-21 (ICSA-26-111-10). The supplied data shows the record was modified the same day, with no later revisions in-c