Silex Technology SD-330AC and AMC Manager

Act Now | CVSS 9.8 | ICS-CERT ICSA-26-111-10 | Apr 21, 2026
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Silex Technology SD-330AC network appliances and AMC Manager contain multiple critical vulnerabilities including buffer overflow (CWE-121, CWE-122), weak cryptography (CWE-327), missing authentication (CWE-306), and improper input validation (CWE-79, CWE-93). These vulnerabilities allow unauthenticated remote attackers to execute arbitrary code, alter device configuration, or cause denial-of-service conditions via HTTP/HTTPS requests. SD-330AC versions 1.42 and earlier and AMC Manager versions 5.0.2 and earlier are affected.

What this means
What could happen
An attacker without credentials could execute arbitrary code on SD-330AC network appliances or AMC Manager systems over the network, potentially disrupting network communication, altering device configuration, or causing service outages in connected industrial networks.
Who's at risk
Network administrators and engineers operating Silex Technology SD-330AC secure network appliances and AMC Manager systems in manufacturing, power generation, water treatment, and other critical infrastructure environments where these devices manage network connectivity and remote access to control systems.
How it could be exploited
An attacker sends specially crafted HTTP/HTTPS requests to the SD-330AC or AMC Manager web service. Due to insufficient input validation and authentication checks, the requests can trigger memory corruption or code execution vulnerabilities. No authentication or user interaction is required.
Prerequisites
  • Network access to HTTP or HTTPS service on SD-330AC or AMC Manager (default ports 80/443)
  • No credentials required
Tags: remotely exploitable, no authentication required, low complexity, high EPSS score (13.9%), affects critical network appliances
Exploitability
Likely to be exploited — EPSS score 13.9%
Affected products (2)
2 with fix
Product      Affected Versions  Fix Status
SD-330AC     ≤ 1.42             Fix available
AMC Manager  ≤ 5.0.2            Fix available
Remediation & Mitigation
Do now
SD-330AC
WORKAROUND: Disable HTTP/HTTPS service on SD-330AC and AMC Manager if not required for operations
HARDENING: Restrict network access to SD-330AC and AMC Manager web services to trusted administrative networks only using firewall rules
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SD-330AC
HOTFIX: Update SD-330AC firmware to version 1.50 or later
AMC Manager
HOTFIX: Update AMC Manager to version 5.1.0 or later
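To decide which devices go into the maintenance window, the version table above can be applied to an asset inventory. The following is an added example, not part of the advisory or any vendor tooling; the inventory rows, hostnames and function names are constructed, and it assumes version components compare numerically.

```python
import re

# From the advisory: (last affected version, first fixed version) per product.
ADVISORY = {
    "SD-330AC": ((1, 42), (1, 50)),
    "AMC Manager": ((5, 0, 2), (5, 1, 0)),
}

def parse_version(text):
    """Turn '1.42', 'v5.0.2' or 'Ver.1.50' into a tuple of ints; None if no version found."""
    m = re.search(r"\d+(?:\.\d+)*", text or "")
    return tuple(int(p) for p in m.group(0).split(".")) if m else None

def _pad(a, b):
    """Zero-pad both tuples to equal length so '5.1' compares equal to '5.1.0'."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))

def triage(product, version_text):
    """Return 'affected', 'fixed', 'verify' or 'unknown' for one inventory row."""
    ver = parse_version(version_text)
    if product not in ADVISORY or ver is None:
        return "unknown"
    last_bad, first_fixed = ADVISORY[product]
    v, bad = _pad(ver, last_bad)
    if v <= bad:
        return "affected"
    v, fixed = _pad(ver, first_fixed)
    if v >= fixed:
        return "fixed"
    # Between the last listed affected version and the fixed release the
    # advisory states no status, so flag the device for manual confirmation.
    return "verify"

INVENTORY = [  # constructed sample rows: (hostname, product, reported version)
    ("gw-line1", "SD-330AC", "1.42"),
    ("gw-line2", "SD-330AC", "Ver.1.50"),
    ("gw-line3", "SD-330AC", "1.45"),
    ("amc-01", "AMC Manager", "5.0.2"),
    ("amc-02", "AMC Manager", "5.1"),
    ("sw-07", "Other Switch", "2.0"),
]

def report(rows):
    """Map each hostname to its triage status."""
    return {host: triage(product, ver) for host, product, ver in rows}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:10} {status}")
```

Rows reported as 'verify' or 'unknown' need a manual check of the firmware build before they are considered out of scope.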
API: /api/v1/advisories/2019355a-8ea5-4d34-8b39-47d8fb0369b0
