PatchSiren cyber security CVE debrief
CVE-2026-32961 Raw CVE debrief
CVE-2026-32961 is a network-triggerable heap-based buffer overflow affecting Silex Technology SD-330AC firmware versions 1.42 and earlier, and AMC Manager versions 5.0.2 and earlier. According to the CISA CSAF advisory, specially crafted packets can trigger a temporary denial-of-service condition. The issue is rated CVSS 5.3 (medium) and the source advisory provides fixed versions for both products.
- Vendor: Raw
- Product: Silex Technology SD-330AC <=1.42; AMC Manager <=5.0.2
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-21
- Original CVE updated: 2026-04-21
- Advisory published: 2026-04-21
- Advisory updated: 2026-04-21
Who should care
Organizations using Silex Technology SD-330AC devices or AMC Manager, especially OT/ICS operators and administrators responsible for network-facing management services running firmware 1.42 or earlier or AMC Manager 5.0.2 or earlier.
Technical summary
The advisory describes a heap-based buffer overflow in packet handling for Silex Technology SD-330AC and AMC Manager. The published CVSS vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) indicates network attackability, low complexity, no privileges required, and an availability-only impact. The source remediation guidance lists SD-330AC firmware Ver 1.50 or later and AMC Manager Ver. 5.1.0 or later as fixes.
Defensive priority
Medium priority: patch promptly for any exposed or production deployment because the flaw is network-reachable and can disrupt availability, but the disclosed impact is limited to temporary denial of service.
Recommended defensive actions
- Upgrade SD-330AC firmware to Ver 1.50 or later.
- Upgrade AMC Manager to Ver. 5.1.0 or later.
- Inventory deployments to identify systems running SD-330AC firmware 1.42 or earlier or AMC Manager 5.0.2 or earlier.
- Limit exposure of device management interfaces to trusted networks until remediation is complete.
- Monitor affected environments for availability degradation or unexpected service interruptions.
- Review the linked CISA, Silex Technology, and JPCERT/CC advisories for product-specific remediation guidance.
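The inventory step above can be scripted against an asset export. The following is an added example, not code from the advisory or the vendor: the inventory rows are constructed, and the "review" status for versions that fall between the listed affected and fixed versions is an assumption of this example, since the advisory text here does not classify them.

```python
import re

# Version boundaries taken from the advisory text on this page.
BOUNDS = {
    "SD-330AC": {"affected_max": (1, 42), "fixed_min": (1, 50)},
    "AMC Manager": {"affected_max": (5, 0, 2), "fixed_min": (5, 1, 0)},
}

def parse_version(text):
    """Turn 'Ver. 5.1.0', 'v1.42' or '1.50' into a tuple of ints; None if unparseable."""
    m = re.search(r"\d+(?:\.\d+)*", text or "")
    return tuple(int(p) for p in m.group().split(".")) if m else None

def pad(v, n):
    """Right-pad a version tuple with zeros so tuples of different length compare sanely."""
    return v + (0,) * (n - len(v))

def classify(product, version_text):
    """Return 'affected', 'fixed', 'review' or 'unknown' for one inventory row."""
    bounds = BOUNDS.get(product)
    v = parse_version(version_text)
    if bounds is None or v is None:
        return "unknown"  # unlisted product or unreadable version: check by hand
    n = max(len(v), len(bounds["affected_max"]))
    v = pad(v, n)
    if v <= pad(bounds["affected_max"], n):
        return "affected"
    if v >= pad(bounds["fixed_min"], n):
        return "fixed"
    return "review"  # assumption: between listed ranges, confirm with the vendor

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("bridge-01", "SD-330AC", "1.42"),
    ("bridge-02", "SD-330AC", "Ver 1.50"),
    ("bridge-03", "SD-330AC", "1.45"),
    ("mgmt-01", "AMC Manager", "Ver. 5.0.2"),
    ("mgmt-02", "AMC Manager", "5.1.0"),
    ("mgmt-03", "AMC Manager", "n/a"),
]

def triage(inventory):
    """Group hostnames by status so 'affected' hosts can be patched or isolated first."""
    result = {}
    for host, product, version in inventory:
        result.setdefault(classify(product, version), []).append(host)
    return result

if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```

Version components are compared as integers, so "1.42" is read as minor version 42; hosts reported as "unknown" or "review" need a manual check rather than being treated as safe.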
Evidence notes
All claims above are grounded in the supplied CISA CSAF advisory for ICSA-26-111-10 and its published remediation entries. The advisory states: a heap-based buffer overflow could allow specially crafted packets to cause a temporary denial-of-service condition; affected versions are SD-330AC <=1.42 and AMC Manager <=5.0.2; fixed versions are SD-330AC firmware 1.50+ and AMC Manager 5.1.0+. The CVSS vector supplied in the source is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L, supporting a network-reachable availability issue. Publication and modification timestamps in the source are both 2026-04-21T06:00:00Z.
Official resources
- CVE-2026-32961 CVE record (CVE.org)
- CVE-2026-32961 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed by CISA in CSAF advisory ICSA-26-111-10 on 2026-04-21; the source revision history shows initial publication on the same date and no KEV listing was provided in the supplied data.