Changeflow GovPing Data Privacy & Cybersecurity Silex Technology SD-330AC and AMC Manager 12 Cr...
Priority review Guidance Added Final

Silex Technology SD-330AC and AMC Manager 12 Critical Vulnerabilities

Favicon for www.cisa.gov CISA ICS-CERT Advisories
Published
Detected
Email

Summary

CISA ICS-CERT published advisory ICSA-26-111-10 disclosing 12 critical vulnerabilities in Silex Technology SD-330AC (firmware <=1.42) and AMC Manager (<=5.0.2) devices. Vulnerabilities include stack-based buffer overflow (CVSS 8.8), heap-based buffer overflow (CVSS 9.8), missing authentication for critical functions, hard-coded cryptographic keys, and improper input neutralization. Successful exploitation could allow arbitrary code execution, denial-of-service, or unauthorized configuration changes without authentication. Vendor fixes are available: SD-330AC firmware Ver 1.50 or later and AMC Manager Ver.5.1.0 or later.

Published by CISA ICS-CERT on cisa.gov . Detected, standardized, and enriched by GovPing. Review our methodology and editorial standards .
View original document View source feed page

What changed

CISA ICS-CERT released advisory ICSA-26-111-10 identifying 12 vulnerabilities in Silex Technology SD-330AC and AMC Manager industrial control system devices. The most severe vulnerability (CVE-2026-32956, heap-based buffer overflow) carries a CVSS score of 9.8 CRITICAL and could allow remote code execution without authentication. Affected parties include operators of industrial control systems deploying these devices, particularly in information technology critical infrastructure sectors. Organizations should immediately apply vendor-released firmware updates (SD-330AC Ver 1.50+, AMC Manager Ver.5.1.0+) and consider disabling HTTP/HTTPS services as an interim mitigation per CISA guidance.

Archived snapshot

Apr 22, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

ICS Advisory

Silex Technology SD-330AC and AMC Manager

Release Date

April 21, 2026

Alert Code ICSA-26-111-10 Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems View CSAF

Summary

Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, cause a denial-of-service, or configuration information may be altered without authentication.

The following versions of Silex Technology SD-330AC and AMC Manager are affected:

  • SD-330AC <=1.42 (CVE-2026-32955, CVE-2026-32956, CVE-2026-32957, CVE-2026-32958, CVE-2015-5621, CVE-2026-32959, CVE-2026-32960, CVE-2026-32961, CVE-2026-32962, CVE-2024-24487, CVE-2026-32963, CVE-2026-32964, CVE-2026-32965)
  • AMC Manager <=5.0.2 (CVE-2026-32955, CVE-2026-32956, CVE-2026-32957, CVE-2026-32958, CVE-2015-5621, CVE-2026-32959, CVE-2026-32960, CVE-2026-32961, CVE-2026-32962, CVE-2024-24487, CVE-2026-32963, CVE-2026-32964, CVE-2026-32965)
CVSS Vendor Equipment Vulnerabilities
v3 9.8 Silex Technology Silex Technology SD-330AC and AMC Manager Stack-based Buffer Overflow, Heap-based Buffer Overflow, Missing Authentication for Critical Function, Use of Hard-coded Cryptographic Key, Dependency on Vulnerable Third-Party Component, Use of a Broken or Risky Cryptographic Algorithm, Sensitive Information in Resource Not Removed Before Reuse, Incorrect Privilege Assignment, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Neutralization of CRLF Sequences ('CRLF Injection'), Initialization of a Resource with an Insecure Default

Background

  • Critical Infrastructure Sectors: Information Technology
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Japan

Vulnerabilities

A Stack-based Buffer Overflow vulnerability in Silex Technology SD-330AC and AMC Manager could allow an attacker to execute arbitrary code on the device.

View CVE Details

Affected Products

Silex Technology SD-330AC and AMC Manager

Vendor:
Silex Technology Product Version:
Silex Technology SD-330AC: <=1.42, Silex Technology AMC Manager: <=5.0.2 Product Status:
known_affected

Remediations

Vendor fix
The developer has released the following versions to address this vulnerability: SD-330AC firmware Ver 1.50 or later

Vendor fix
AMC Manager Ver.5.1.0 or later

Mitigation
CVE-2026-32955, CVE-2026-32956, CVE-2026-32957, and CVE-2026-32963: Disable HTTP/HTTPS service.

Mitigation
For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001).
https://www.silex.jp/support/security-advisories/en/2026-001

Mitigation
For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001).
https://www.silex.jp/support/security-advisories/2026-001

Mitigation
For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/).
https://jvn.jp/en/vu/JVNVU94271449/

Mitigation
For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/).
https://jvn.jp/vu/JVNVU94271449/

Relevant CWE: CWE-121 Stack-based Buffer Overflow

Metrics

CVSS Version Base Score Base Severity Vector String
3.1 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A Heap-based Buffer Overflow vulnerability in Silex Technology SD-330AC and AMC Manager could allow an attacker to execute arbitrary code on the device.

View CVE Details

Affected Products

Silex Technology SD-330AC and AMC Manager

Vendor:
Silex Technology Product Version:
Silex Technology SD-330AC: <=1.42, Silex Technology AMC Manager: <=5.0.2 Product Status:
known_affected

Remediations

Vendor fix
The developer has released the following versions to address this vulnerability: SD-330AC firmware Ver 1.50 or later

Vendor fix
AMC Manager Ver.5.1.0 or later

Mitigation
CVE-2026-32955, CVE-2026-32956, CVE-2026-32957, and CVE-2026-32963: Disable HTTP/HTTPS service.

Mitigation
For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001).
https://www.silex.jp/support/security-advisories/en/2026-001

Mitigation
For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001).
https://www.silex.jp/support/security-advisories/2026-001

Mitigation
For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/).
https://jvn.jp/en/vu/JVNVU94271449/

Mitigation
For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/).
https://jvn.jp/vu/JVNVU94271449/

Relevant CWE: CWE-122 Heap-based Buffer Overflow

Metrics

| --- | --- | --- | --- |
| 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

A Missing Authentication for Critical Function vulnerability in Silex Technology SD-330AC and AMC Manager could allow uploads of arbitrary files to the device without authentication.

View CVE Details

Affected Products

Silex Technology SD-330AC and AMC Manager

Vendor:
Silex Technology Product Version:
Silex Technology SD-330AC: <=1.42, Silex Technology AMC Manager: <=5.0.2 Product Status:
known_affected

Remediations

Vendor fix
The developer has released the following versions to address this vulnerability: SD-330AC firmware Ver 1.50 or later

Vendor fix
AMC Manager Ver.5.1.0 or later

Mitigation
CVE-2026-32955, CVE-2026-32956, CVE-2026-32957, and CVE-2026-32963: Disable HTTP/HTTPS service.

Mitigation
For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001).
https://www.silex.jp/support/security-advisories/en/2026-001

Mitigation
For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001).
https://www.silex.jp/support/security-advisories/2026-001

Mitigation
For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/).
https://jvn.jp/en/vu/JVNVU94271449/

Mitigation
For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/).
https://jvn.jp/vu/JVNVU94271449/

Relevant CWE: CWE-306 Missing Authentication for Critical Function

Metrics

| --- | --- | --- | --- |
| 3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |

A Use of Hard-coded Cryptographic Key vulnerability in Silex Technology SD-330AC and AMC Manager could cause an administrative user to be directed to apply a fake firmware update.

View CVE Details

Affected Products

Silex Technology SD-330AC and AMC Manager

Vendor:
Silex Technology Product Version:
Silex Technology SD-330AC: <=1.42, Silex Technology AMC Manager: <=5.0.2 Product Status:
known_affected

Remediations

Vendor fix
The developer has released the following versions to address this vulnerability: SD-330AC firmware Ver 1.50 or later

Vendor fix
AMC Manager Ver.5.1.0 or later

Mitigation
CVE-2026-32958 and CVE-2026-32965: Set a password for the settings web interface.

Mitigation
For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001).
https://www.silex.jp/support/security-advisories/en/2026-001

Mitigation
For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001).
https://www.silex.jp/support/security-advisories/2026-001

Mitigation
For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/).
https://jvn.jp/en/vu/JVNVU94271449/

Mitigation
For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/).
https://jvn.jp/vu/JVNVU94271449/

Relevant CWE: CWE-321 Use of Hard-coded Cryptographic Key

Metrics

| --- | --- | --- | --- |
| 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |

The snmppduparse function in snmpapi.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmpvariable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash).

View CVE Details

Affected Products

Silex Technology SD-330AC and AMC Manager

Vendor:
Silex Technology Product Version:
Silex Technology SD-330AC: <=1.42, Silex Technology AMC Manager: <=5.0.2 Product Status:
known_affected

Remediations

Vendor fix
The developer has released the following versions to address this vulnerability: SD-330AC firmware Ver 1.50 or later

Vendor fix
AMC Manager Ver.5.1.0 or later

Mitigation
CVE-2015-5621: Disable SNMP service.

Mitigation
For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001).
https://www.silex.jp/support/security-advisories/en/2026-001

Mitigation
For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001).
https://www.silex.jp/support/security-advisories/2026-001

Mitigation
For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/).
https://jvn.jp/en/vu/JVNVU94271449/

Mitigation
For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/).
https://jvn.jp/vu/JVNVU94271449/

Relevant CWE: CWE-1395 Dependency on Vulnerable Third-Party Component

Metrics

| --- | --- | --- | --- |
| 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |

A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Silex Technology SD-330AC and AMC Manager could allow an attacker to retrieve information via a man-in-the-middle attack.

View CVE Details

Affected Products

Silex Technology SD-330AC and AMC Manager

Vendor:
Silex Technology Product Version:
Silex Technology SD-330AC: <=1.42, Silex Technology AMC Manager: <=5.0.2 Product Status:
known_affected

Remediations

Vendor fix
The developer has released the following versions to address this vulnerability: SD-330AC firmware Ver 1.50 or later

Vendor fix
AMC Manager Ver.5.1.0 or later

Mitigation
For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001).
https://www.silex.jp/support/security-advisories/en/2026-001

Mitigation
For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001).
https://www.silex.jp/support/security-advisories/2026-001

Mitigation
For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/).
https://jvn.jp/en/vu/JVNVU94271449/

Mitigation
For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/).
https://jvn.jp/vu/JVNVU94271449/

Relevant CWE: CWE-327 Use of a Broken or Risky Cryptographic Algorithm

Metrics

| --- | --- | --- | --- |
| 3.1 | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |

A Sensitive Information in Resource Not Removed Before Reuse vulnerability in Silex Technology SD-330AC and AMC Manager could allow an attacker to send specially crafted packets that may allow the attacker to login to the device.

View CVE Details

Affected Products

Silex Technology SD-330AC and AMC Manager

Vendor:
Silex Technology Product Version:
Silex Technology SD-330AC: <=1.42, Silex Technology AMC Manager: <=5.0.2 Product Status:
known_affected

Remediations

Vendor fix
The developer has released the following versions to address this vulnerability: SD-330AC firmware Ver 1.50 or later

Vendor fix
AMC Manager Ver.5.1.0 or later

Mitigation
For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001).
https://www.silex.jp/support/security-advisories/en/2026-001

Mitigation
For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001).
https://www.silex.jp/support/security-advisories/2026-001

Mitigation
For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/).
https://jvn.jp/en/vu/JVNVU94271449/

Mitigation
For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/).
https://jvn.jp/vu/JVNVU94271449/

Relevant CWE: CWE-226 Sensitive Information in Resource Not Removed Before Reuse

Metrics

| --- | --- | --- | --- |

A Heap-based Buffer Overflow vulnerability in Silex Technology SD-330AC and AMC Manager could allow an attacker to send specially crafted packets that may cause a temporary denial-of-service (DoS) condition.

View CVE Details

Affected Products

Silex Technology SD-330AC and AMC Manager

Vendor:
Silex Technology Product Version:
Silex Technology SD-330AC: <=1.42, Silex Technology AMC Manager: <=5.0.2 Product Status:
known_affected

Remediations

Vendor fix
The developer has released the following versions to address this vulnerability: SD-330AC firmware Ver 1.50 or later

Vendor fix
AMC Manager Ver.5.1.0 or later

Mitigation
For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001).
https://www.silex.jp/support/security-advisories/en/2026-001

Mitigation
For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001).
https://www.silex.jp/support/security-advisories/2026-001

Mitigation
For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/).
https://jvn.jp/en/vu/JVNVU94271449/

Mitigation
For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/).
https://jvn.jp/vu/JVNVU94271449/

Relevant CWE: CWE-122 Heap-based Buffer Overflow

Metrics

| --- | --- | --- | --- |
| 3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |

A Missing Authentication for Critical Function vulnerability in Silex Technology SD-330AC and AMC Manager could allow an attacker to alter the device configuration without authentication.

View CVE Details

Affected Products

Silex Technology SD-330AC and AMC Manager

Vendor:
Silex Technology Product Version:
Silex Technology SD-330AC: <=1.42, Silex Technology AMC Manager: <=5.0.2 Product Status:
known_affected

Remediations

Vendor fix
The developer has released the following versions to address this vulnerability: SD-330AC firmware Ver 1.50 or later

Vendor fix
AMC Manager Ver.5.1.0 or later

Mitigation
For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001).
https://www.silex.jp/support/security-advisories/en/2026-001

Mitigation
For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001).
https://www.silex.jp/support/security-advisories/2026-001

Mitigation
For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/).
https://jvn.jp/en/vu/JVNVU94271449/

Mitigation
For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/).
https://jvn.jp/vu/JVNVU94271449/

Relevant CWE: CWE-306 Missing Authentication for Critical Function

Metrics

| --- | --- | --- | --- |

An issue discovered in Silex Technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM command.

View CVE Details

Affected Products

Silex Technology SD-330AC and AMC Manager

Vendor:
Silex Technology Product Version:
Silex Technology SD-330AC: <=1.42, Silex Technology AMC Manager: <=5.0.2 Product Status:
known_affected

Remediations

Vendor fix
The developer has released the following versions to address this vulnerability: SD-330AC firmware Ver 1.50 or later

Vendor fix
AMC Manager Ver.5.1.0 or later

Mitigation
For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001).
https://www.silex.jp/support/security-advisories/en/2026-001

Mitigation
For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001).
https://www.silex.jp/support/security-advisories/2026-001

Mitigation
For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/).
https://jvn.jp/en/vu/JVNVU94271449/

Mitigation
For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/).
https://jvn.jp/vu/JVNVU94271449/

Relevant CWE: CWE-266 Incorrect Privilege Assignment

Metrics

| --- | --- | --- | --- |
| 3.1 | 6.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H |

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Silex Technology SD-330AC and AMC Manager could allow an attacker to trick a user into accessing a special web page and execute arbitrary script on the user's browser.

View CVE Details

Affected Products

Silex Technology SD-330AC and AMC Manager

Vendor:
Silex Technology Product Version:
Silex Technology SD-330AC: <=1.42, Silex Technology AMC Manager: <=5.0.2 Product Status:
known_affected

Remediations

Vendor fix
The developer has released the following versions to address this vulnerability: SD-330AC firmware Ver 1.50 or later

Vendor fix
AMC Manager Ver.5.1.0 or later

Mitigation
CVE-2026-32955, CVE-2026-32956, CVE-2026-32957, and CVE-2026-32963: Disable HTTP/HTTPS service.

Mitigation
For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001).
https://www.silex.jp/support/security-advisories/en/2026-001

Mitigation
For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001).
https://www.silex.jp/support/security-advisories/2026-001

Mitigation
For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/).
https://jvn.jp/en/vu/JVNVU94271449/

Mitigation
For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/).
https://jvn.jp/vu/JVNVU94271449/

Relevant CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Metrics

| --- | --- | --- | --- |
| 3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |

An Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in Silex Technology SD-330AC and AMC Manager could allow an attacker to inject arbitrary entries into the system configuration.

View CVE Details

Affected Products

Silex Technology SD-330AC and AMC Manager

Vendor:
Silex Technology Product Version:
Silex Technology SD-330AC: <=1.42, Silex Technology AMC Manager: <=5.0.2 Product Status:
known_affected

Remediations

Vendor fix
The developer has released the following versions to address this vulnerability: SD-330AC firmware Ver 1.50 or later

Vendor fix
AMC Manager Ver.5.1.0 or later

Mitigation
For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001).
https://www.silex.jp/support/security-advisories/en/2026-001

Mitigation
For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001).
https://www.silex.jp/support/security-advisories/2026-001

Mitigation
For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/).
https://jvn.jp/en/vu/JVNVU94271449/

Mitigation
For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/).
https://jvn.jp/vu/JVNVU94271449/

Relevant CWE: CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')

Metrics

| --- | --- | --- | --- |
| 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |

An Initialization of a Resource with an Insecure Default vulnerability in Silex Technology SD-330AC and AMC Manager could allow an attacker using the factory default configuration to configure the device using the null string password.

View CVE Details

Affected Products

Silex Technology SD-330AC and AMC Manager

Vendor:
Silex Technology Product Version:
Silex Technology SD-330AC: <=1.42, Silex Technology AMC Manager: <=5.0.2 Product Status:
known_affected

Remediations

Vendor fix
The developer has released the following versions to address this vulnerability: SD-330AC firmware Ver 1.50 or later

Vendor fix
AMC Manager Ver.5.1.0 or later

Mitigation
CVE-2026-32958 and CVE-2026-32965: Set a password for the settings web interface.

Mitigation
For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001).
https://www.silex.jp/support/security-advisories/en/2026-001

Mitigation
For more information, see Silex Technology's security advisory in English (https://www.silex.jp/support/security-advisories/en/2026-001) or in Japanese (https://www.silex.jp/support/security-advisories/2026-001).
https://www.silex.jp/support/security-advisories/2026-001

Mitigation
For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/).
https://jvn.jp/en/vu/JVNVU94271449/

Mitigation
For more information, see JPCERT/CC vulnerability notes in English (https://jvn.jp/en/vu/JVNVU94271449/) or in Japanese (https://jvn.jp/vu/JVNVU94271449/).
https://jvn.jp/vu/JVNVU94271449/

Relevant CWE: CWE-1188 Initialization of a Resource with an Insecure Default

Metrics

| --- | --- | --- | --- |
| 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |

Acknowledgments

  • Francesco La Spina of Forescout Technologies reported these vulnerabilities to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities.

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

Revision History

  • Initial Release Date: 2026-04-21
Date Revision Summary
2026-04-21 1 Initial Publication

Legal Notice and Terms of Use

This product is provided subject to this Notification and this Privacy & Use policy.

Vendor

  • Silex Technology

Tags

Sector: Information Technology Sector Topics: Industrial Control System Vulnerabilities, Industrial Control Systems

Please share your thoughts

We recently updated our anonymous product survey; we welcome your feedback.

Related Advisories

Apr 21, 2026

ICS Advisory | ICSA-26-111-04

Siemens Analytics Toolkit

Apr 21, 2026

ICS Advisory | ICSA-26-111-02

Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary

Apr 21, 2026

ICS Advisory | ICSA-26-111-03

Siemens SINEC NMS

Apr 21, 2026

ICS Advisory | ICSA-26-111-12

SenseLive X3050

Mentioned entities

Cybersecurity and Infrastructure Security Agency

Parties

Silex Technology

Related changes

Favicon for www.cisa.gov CISA Announces Virtual Town Halls on Cyber Incident Reporting Rulemaking for Critical Infrastructure
Routine Apr 20, 2026 US CISA News Data Privacy & Cybersecurity
Favicon for www.cisa.gov CISA Adds Eight Known Exploited Vulnerabilities to Catalog
Routine Apr 20, 2026 US CISA Advisories Data Privacy & Cybersecurity
Favicon for www.cisa.gov Siemens RUGGEDCOM CROSSBOW SAC SQLite Vulnerability CVE-2025-6965
Priority review Apr 22, 2026 CISA ICS-CERT Advisories Data Privacy & Cybersecurity

Get daily alerts for CISA ICS-CERT Advisories

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for www.cisa.gov
CISA ICS-CERT Advisories cisa.gov/rss.xml
Data Privacy & Cybersecurity

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from CISA ICS-CERT.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Last updated

Press inquiries →

Classification

Agency
CISA ICS-CERT
Published
April 21st, 2026
Instrument
Guidance
Branch
Executive
Legal weight
Non-binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Manufacturers
Industry sector
3341 Computer & Electronics Manufacturing
Activity scope
ICS vulnerability disclosure Device firmware patching Network security remediation
Geographic scope
United States US

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Critical Infrastructure Data Privacy

Browse Categories

Agriculture & Food Safety 73 AI Regulation 3 Banking & Finance 414 Consumer Protection 89 Courts & Legal 411 Data Privacy & Cybersecurity 90 Defense & National Security 53 Education 55 Energy 100 Environment 152 Gaming 2 Government & Legislation 431 Healthcare 15 Healthcare & Life Sciences 375 Immigration 10 Insurance 76 Labor & Employment 138 Pharma & Drug Safety 21 Professional Licensing 8 Real Estate & Housing 78 Securities & Markets 154 Tax 78 Telecom & Technology 47 Trade & Sanctions 141 Transportation 91

Get alerts for this source

We'll email you when CISA ICS-CERT Advisories publishes new changes.

Free. Unsubscribe anytime.

You're subscribed!