ICSA-26-111-10 · Published 2026-04-21 · View on CISA ICS-CERT ↗

Silex Technology SD-330AC and AMC Manager

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, cause a denial-of-service, or configuration information may be altered without authentication.

CVEs (13)

CVE-2026-32955 CVE-2026-32956 CVE-2026-32957 CVE-2026-32958 CVE-2015-5621 CVE-2026-32959 CVE-2026-32960 CVE-2026-32961 CVE-2026-32962 CVE-2024-24487 CVE-2026-32963 CVE-2026-32964 CVE-2026-32965

Remediations

The developer has released the following versions to address this vulnerability: SD-330AC firmware Ver 1.50 or later
AMC Manager Ver.5.1.0 or later
CVE-2026-32955, CVE-2026-32956, CVE-2026-32957, and CVE-2026-32963: Disable HTTP/HTTPS service.
For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001).
For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/).
CVE-2026-32958 and CVE-2026-32965: Set a password for the settings web interface.
CVE-2015-5621: Disable SNMP service.

Affected Vendors

Silex Technology

Affected Products (2)

Silex Technology · SD-330AC <=1.42

Silex Technology · AMC Manager <=5.0.2

Affected Sectors

Information Technology

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more