CVE-2026-32962 Raw CVE debrief

Who should care

Organizations that deploy or administer Silex Technology SD-330AC devices or AMC Manager, especially teams responsible for device configuration, network segmentation, and patch management.

Technical summary

The published advisory states that authentication is missing for a critical function in Silex Technology SD-330AC and AMC Manager, allowing unauthorized configuration changes. The affected versions listed in the source are SD-330AC firmware 1.42 and earlier, and AMC Manager 5.0.2 and earlier. CISA lists the CVSS v3.1 vector as AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.

Defensive priority

Medium. The vulnerability is remotely reachable according to the CVSS vector and can affect device integrity, but the published score is moderate and no confidentiality or availability impact is listed.

Recommended defensive actions

• Upgrade SD-330AC firmware to version 1.50 or later.
• Upgrade AMC Manager to version 5.1.0 or later.
• Review device access controls and restrict management interfaces to trusted administrative networks.
• Verify whether any configuration changes occurred unexpectedly before and after patching.
• Use the linked vendor and JPCERT/CC advisories to confirm device-specific remediation steps.

Evidence notes

All core facts in this debrief come from the CISA CSAF advisory for ICSA-26-111-10 and its listed remediation entries. The source explicitly states a missing authentication for critical function, the affected product/version ranges, and the fixed versions. The timeline used here is the advisory publication date of 2026-04-21; no later generation or review date is treated as the CVE issue date.

Official resources