CVE-2026-32960 Raw CVE debrief

Who should care

Organizations that use Silex Technology SD-330AC firmware 1.42 or earlier, or AMC Manager 5.0.2 or earlier, should prioritize this advisory—especially teams responsible for device administration, OT/ICS environments, and network access control around these systems.

Technical summary

The CISA CSAF advisory describes a Sensitive Information in Resource Not Removed Before Reuse issue affecting Silex Technology SD-330AC and AMC Manager. The advisory states that specially crafted packets may allow an attacker to log in to the device. The supplied CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N, with a medium base score of 6.5. Vendor remediations listed in the advisory are SD-330AC firmware 1.50 or later and AMC Manager 5.1.0 or later.

Defensive priority

High for affected deployments: while the score is medium, the impact includes potential device login and the issue is network-reachable with a user-interaction requirement. Patch planning should be prompt for any exposed or operationally sensitive deployments.

Recommended defensive actions

• Upgrade SD-330AC to firmware version 1.50 or later.
• Upgrade AMC Manager to version 5.1.0 or later.
• Review the CISA advisory and the linked Silex Technology/JPCERT notes before scheduling remediation.
• Apply your normal ICS security and change-management procedures while validating affected device inventory and update coverage.

Evidence notes

This debrief is based on the supplied CISA CSAF record for ICSA-26-111-10, which names CVE-2026-32960, describes the login impact from specially crafted packets, and lists the fixed versions. The supplied metadata also shows CVSS 6.5 (MEDIUM), publishedAt 2026-04-21T06:00:00.000Z, and no CISA KEV listing in the provided enrichment.

Official resources