PatchSiren cyber security CVE debrief
CVE-2026-32964 Raw CVE debrief
CVE-2026-32964 is an improper neutralization of CRLF sequences issue in Silex Technology SD-330AC firmware and AMC Manager. According to the CISA CSAF advisory, an attacker could inject arbitrary entries into the system configuration. Vendor fixes are available for affected versions, and the advisory was published on 2026-04-21.
- Vendor: Raw
- Product: Silex Technology SD-330AC <=1.42, AMC Manager <=5.0.2
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-21
- Original CVE updated: 2026-04-21
- Advisory published: 2026-04-21
- Advisory updated: 2026-04-21
Who should care
OT/ICS operators, network and system administrators, and security teams responsible for Silex SD-330AC devices or AMC Manager installations, especially where administrative access is reachable across trusted-but-broad networks.
Technical summary
The supplied CISA advisory identifies a CRLF injection weakness (CWE-93) affecting Silex Technology SD-330AC firmware 1.42 and earlier, and AMC Manager 5.0.2 and earlier. The published CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L, scoring 6.5 (Medium), which indicates a remotely reachable issue with integrity and availability impact. The vendor remediations listed in the advisory are SD-330AC firmware 1.50 or later and AMC Manager 5.1.0 or later.
Defensive priority
Medium, with prompt attention for exposed OT management assets. While the CVSS score is moderate, configuration tampering in industrial or managed environments can still create meaningful operational risk.
Recommended defensive actions
- Upgrade SD-330AC devices to firmware 1.50 or later.
- Upgrade AMC Manager to version 5.1.0 or later.
- Restrict access to device and management interfaces, and segment OT networks following CISA ICS recommended practices.
- Review configuration history and logs for unexpected entries or changes.
- If administrative exposure is broader than necessary, isolate or disable access paths that are not required for operations.
Evidence notes
Primary evidence comes from the CISA CSAF advisory and the supplied source item, both dated 2026-04-21. The source explicitly states that the CRLF injection vulnerability could allow arbitrary entries into the system configuration and lists vendor remediation versions. The supplied corpus does not include KEV placement, ransomware attribution, or exploit details. The advisory also includes the SSVC vector string SSVCv2/E:N/A:N/2026-04-20T06:00:00.000000Z.
Official resources
- CVE-2026-32964 CVE record (CVE.org)
- CVE-2026-32964 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed by CISA on 2026-04-21 via CSAF advisory ICSA-26-111-10. The advisory points to Silex Technology security advisory 2026-001 and JPCERT/CC vulnerability notes for additional remediation context.