Silex Technology - Multiple Vulnerabilities Discovered

Silex Technology's SD-330AC and AMC Manager have critical vulnerabilities. Attackers could exploit these flaws to execute arbitrary code or cause denial-of-service. Users must update their systems immediately.

VulnerabilitiesHIGHUpdated: Apr 21, 2026Published: Apr 21, 2026

Vulnerability Identifier

CVE-2026-32955

8.8

High

CISA KEV: NO · Due 2026-04-09EPSS: 0.0% · 12.2%

Vendor

Silex Technology

Affected Product

Silex Technology SD-330AC <=1.42

Vulnerability TypeBuffer Overflow

CWE IDCWE-121

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

Workaround AvailableYes — disable HTTP/HTTPS service.

CIA Triad Impact

High

Exploit Maturity

Unproven

PoC Available

Weaponized

Actively Exploited

Vulnerability Timeline

Reported to Vendor2026-01-10

Patch Released2026-02-15

Public Disclosure2026-04-20

Affected Environments

All platforms running Silex Technology SD-330AC

Patch Available

Yes — version 1.50

NVD References3 advisories

Technology

Check the firmware version of your SD-330AC and AMC Manager devices.

Verify if the HTTP/HTTPS services are enabled and disable them if not needed.

Ensure that you have updated to the latest firmware versions.

#cve-2026-32955#cve-2026-32956#cve-2026-32957#cve-2026-32958#silex_technology

Original Reporting

CICISA Advisories·CISA

AI Summary

CyberPings AI·Reviewed by Rohit Rana

🎯Basically, there are serious security holes in Silex devices that hackers can use to take control.

What Happened

Silex Technology has identified multiple vulnerabilities in its SD-330AC and AMC Manager products. These vulnerabilities, if exploited, could allow attackers to execute arbitrary code, cause denial-of-service, or alter configuration settings without authentication. The affected versions are SD-330AC <=1.42 and AMC Manager <=5.0.2.

What's at Risk

The vulnerabilities include: These flaws can lead to unauthorized access and manipulation of device settings, posing significant risks to users and their data.

⚠️

CVE-2026-32955

Stack-based Buffer Overflow

🔓

CVE-2026-32956

Heap-based Buffer Overflow

📤

CVE-2026-32957

Missing Authentication for Critical Function

💀

CVE-2026-32958

Use of Hard-coded Cryptographic Key

🔥

CVE-2015-5621

Denial of Service vulnerability

Patch Status

Silex Technology has released updates to address these vulnerabilities:

SD-330AC firmware: Version 1.50 or later
AMC Manager: Version 5.1.0 or later Users are strongly advised to upgrade to these versions to mitigate risks.

Immediate Actions

To protect your devices: For more detailed information, refer to Silex Technology's security advisory and JPCERT/CC vulnerability notes.

Containment

1.Update to the latest firmware versions immediately.
2.Disable HTTP/HTTPS services if not needed, especially for CVE-2026-32955, CVE-2026-32956, CVE-2026-32957, and CVE-2026-32963.

Remediation

No additional steps required at this time.

🔒 Pro Insight

🔒 Pro insight: The vulnerabilities in Silex devices highlight the ongoing risks associated with industrial control systems and the importance of timely patch management.

CICISA Advisories· CISA

Read Original

Twitter LinkedIn WhatsApp Telegram

Related Pings

Vulnerabilities

MEDIUM

Zero Motorcycles Firmware - Bluetooth Vulnerability Exposed

A Bluetooth vulnerability in Zero Motorcycles firmware allows unauthorized access to critical functions. Versions 44 and earlier are at risk, prompting a firmware update in May 2026.

CICISA Advisories

Apr 21, 2026

Read Ping Read Source

Vulnerabilities

HIGH

Siemens SINEC NMS - Critical Authorization Bypass Vulnerability

Siemens has identified a critical authorization bypass vulnerability in its SINEC NMS, allowing attackers to reset user passwords. Users are urged to update to version 4.0 SP3 immediately.

CICISA Advisories

Apr 21, 2026

Read Ping Read Source

Vulnerabilities

HIGH

Hardy Barth Salia EV Charge Controller - Critical Vulnerabilities Found

Critical vulnerabilities have been found in the Hardy Barth Salia EV Charge Controller. These flaws could allow remote code execution and crash the device. Immediate action is recommended to secure affected systems.

CICISA Advisories

Apr 21, 2026

Read Ping Read Source

Vulnerabilities

CRITICAL

SenseLive X3050 - Critical Vulnerabilities Exposed

Critical vulnerabilities in the SenseLive X3050 could allow attackers to take full control of devices. Users are urged to act quickly to secure their systems. Contact SenseLive for more information.

CICISA Advisories

Apr 21, 2026

Read Ping Read Source

Preview image for VPN Misconfiguration - Major Cause of Cyber Intrusions

Vulnerabilities

HIGH

VPN Misconfiguration - Major Cause of Cyber Intrusions

VPN misconfigurations are a major security risk, leading to 70% of cyber intrusions. Organizations need to take immediate steps to secure their VPNs and protect sensitive data.

HNHuntress Blog

Apr 21, 2026

Read Ping Read Source

Vulnerabilities

CRITICAL

Azure SRE Agent - Critical Flaw Allows Unauthorized Eavesdropping

A critical flaw in Microsoft's Azure SRE Agent allows unauthorized access to sensitive data streams. This vulnerability affects enterprise operations, enabling eavesdropping on internal communications. Organizations should review their security measures immediately.

CSCSO Online

Apr 21, 2026

Read Ping Read Source

Silex Technology - Multiple Vulnerabilities Discovered

What Happened

What's at Risk

CVE-2026-32955

CVE-2026-32956

CVE-2026-32957

CVE-2026-32958

CVE-2015-5621

Patch Status

Immediate Actions

Containment

Remediation

Share

Related Pings

Zero Motorcycles Firmware - Bluetooth Vulnerability Exposed

Siemens SINEC NMS - Critical Authorization Bypass Vulnerability

Hardy Barth Salia EV Charge Controller - Critical Vulnerabilities Found

SenseLive X3050 - Critical Vulnerabilities Exposed

VPN Misconfiguration - Major Cause of Cyber Intrusions

Azure SRE Agent - Critical Flaw Allows Unauthorized Eavesdropping