PatchSiren

CVE-2026-32965 Raw CVE debrief

CVE-2026-32965 is a high-severity insecure-default issue in Silex Technology SD-330AC and AMC Manager. According to CISA’s advisory, an attacker using the factory default configuration may be able to configure the device with a null-string password. The published guidance includes vendor fixes and a direct mitigation to set a password for the settings web interface.

Vendor: Raw
Product: Silex Technology SD-330AC <=1.42; AMC Manager <=5.0.2
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-21
Original CVE updated: 2026-04-21
Advisory published: 2026-04-21
Advisory updated: 2026-04-21

Who should care

Organizations that deploy or manage Silex Technology SD-330AC devices and AMC Manager, especially teams responsible for OT/ICS network administration, device provisioning, and configuration hardening. Anyone operating factory-default installations should prioritize this immediately.

Technical summary

The advisory describes an Initialization of a Resource with an Insecure Default weakness. Impacted products are Silex Technology SD-330AC firmware versions up to 1.42 and AMC Manager versions up to 5.0.2. The issue is exploitable in the factory-default configuration, where a null-string password may permit configuration access. CISA lists a CVSS v3.1 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N with a score of 7.5, indicating network-reachable unauthorized configuration impact without user interaction.

Defensive priority

High. The combination of default-configuration exposure, no required privileges, and direct configuration impact makes this a priority for immediate password-hardening and upgrade planning, especially on any externally reachable or broadly reachable management interface.

Recommended defensive actions

  • Update SD-330AC firmware to version 1.50 or later.
  • Update AMC Manager to version 5.1.0 or later.
  • Set a strong password for the settings web interface, especially on any device still in factory-default configuration.
  • Inventory deployed Silex Technology SD-330AC and AMC Manager instances to identify versions at or below the affected releases.
  • Restrict access to device management interfaces to trusted administrative networks until remediation is complete.
  • Validate remediation by confirming installed versions and verifying that the settings web interface no longer accepts a null-string password.
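
The inventory and validation steps above can be scripted as a triage pass over an asset list. The following is an added example, not code from CISA or the vendor: the CSV layout, host names and the operator-recorded password_set column are assumptions, and only the version thresholds come from the advisory summary.

```python
import csv
import io

# Affected ceilings and fixed releases, taken from the advisory summary above.
AFFECTED = {
    "SD-330AC": {"max_affected": (1, 42), "fixed": "1.50"},
    "AMC Manager": {"max_affected": (5, 0, 2), "fixed": "5.1.0"},
}

# Constructed sample inventory; hosts and column names are assumptions.
SAMPLE_INVENTORY = """host,product,version,password_set
gw-line1,SD-330AC,1.42,no
gw-line2,SD-330AC,1.50,yes
mgmt-01,AMC Manager,5.0.2,yes
mgmt-02,AMC Manager,5.1.0,no
gw-lab,SD-330AC,unknown,no
"""

def parse_version(text):
    """Return a tuple of ints, or None when the field is not dotted digits."""
    parts = text.strip().lstrip("vV").split(".")
    return tuple(int(p) for p in parts) if all(p.isdigit() for p in parts) else None

def is_affected(ver, ceiling):
    """Compare after zero-padding so 1.42.0 is treated the same as 1.42."""
    n = max(len(ver), len(ceiling))
    return ver + (0,) * (n - len(ver)) <= ceiling + (0,) * (n - len(ceiling))

def triage(inventory_text):
    """Return [(host, [actions])] for rows that still need remediation."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_text)):
        rule = AFFECTED.get(row["product"].strip())
        if rule is None:
            continue  # product not covered by this advisory
        actions = []
        ver = parse_version(row["version"])
        if ver is None:
            actions.append("verify installed version manually")
        elif is_affected(ver, rule["max_affected"]):
            actions.append("update to " + rule["fixed"] + " or later")
        if row["password_set"].strip().lower() != "yes":
            actions.append("set a settings web interface password")
        if actions:
            findings.append((row["host"], actions))
    return findings

if __name__ == "__main__":
    for host, actions in triage(SAMPLE_INVENTORY):
        print(host + ": " + "; ".join(actions))
```

Rows with an unparseable version are kept in the findings rather than dropped, so a device with an unknown firmware level is not silently counted as remediated.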

Evidence notes

All core facts are drawn from the supplied CISA CSAF advisory for ICSA-26-111-10 and the embedded CVE metadata. The advisory states the affected products and versions, the insecure-default/null-string-password behavior, and the vendor fix versions. The supplied CVSS vector and score are 7.5 / AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. The advisory publication date and CVE publication date both resolve to 2026-04-21T06:00:00.000Z.

Official resources

CISA published the advisory and the CVE on 2026-04-21T06:00:00.000Z. The supplied source does not indicate a KEV listing.