External risk intelligence

Attackers can take over Silex SD-330AC and AMC Manager devices.

CVE advisory

Severity: CRITICAL (CVSS 9.3)

CVE-2026-32956

An external attacker can exploit Silex SD-330AC and AMC Manager to run unauthorized code on the device. This flaw could grant them full control over network hardware, potentially allowing them to compromise your network or establish persistent access.

Halo Surface Signal: 2

Buffer Overflow

silex technology SD-330AC firmware

before 1.50 (SD-330AC firmware); before 5.1.0 (AMC Manager)

External exposure likelihood

Halo Surface Signal score for CVE-2026-32956

The product is network hardware and a management interface, which are typically deployed within internal network segments. While these services are network-reachable, they are generally protected by internal access controls and are not designed or intended to be exposed directly to the public internet.

Horizon Alert

Summary of the vulnerability and why it matters

A heap-based buffer overflow vulnerability exists in silex technology's SD-330AC and AMC Manager products. This issue allows for arbitrary code execution on affected devices, which could compromise their operation.

  • Arbitrary code execution is possible.
  • This impacts specific silex technology products.
  • The vulnerability is reachable from the internet.

Attack Path

How an attacker could exploit the issue

An attacker can exploit this heap-based buffer overflow vulnerability by sending specially crafted redirect URLs to vulnerable SD-330AC devices or AMC Manager instances. This could lead to arbitrary code execution on the targeted device, allowing the attacker to compromise the system.

  • Network access required
  • Vulnerable to crafted redirect URLs
  • No user interaction needed

Live Threat

Current exploitation, exposure, and threat context

This vulnerability allows for arbitrary code execution on network devices due to a heap-based buffer overflow when processing redirect URLs. Given the critical severity and network accessibility of the affected products, attackers may find this attractive for compromising critical infrastructure or as a pivot point into internal networks, although immediate widespread weaponization is not yet observed.

  • No public exploit code exists.
  • No known active exploitation.
  • Products are typically internal.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Focus on identifying and isolating systems running affected versions of SD-330AC or AMC Manager due to the critical heap-based buffer overflow vulnerability. Prioritize containment for devices where immediate patching is not feasible, especially given the potential for arbitrary code execution.

  • Block network access to vulnerable devices.
  • Monitor for unusual network traffic patterns.
  • Apply vendor patches when available.

Frequently asked questions

What is CVE-2026-32956 and how does it affect Silex devices?

CVE-2026-32956 is a critical heap-based buffer overflow vulnerability in Silex Technology's SD-330AC and AMC Manager products. It allows remote attackers to execute arbitrary code on affected devices by sending specially crafted redirect URLs. This can lead to a complete compromise of the device, potentially allowing attackers to pivot into internal networks.

What type of weakness does CVE-2026-32956 represent?

CVE-2026-32956 is classified as a heap-based buffer overflow vulnerability, corresponding to CWE-122. This means that a flaw in how the software handles data in memory can be exploited to overwrite adjacent memory, potentially allowing an attacker to execute their own code on the device.

How can an attacker exploit the CVE-2026-32956 vulnerability in Silex devices?

An attacker can exploit this vulnerability by sending a maliciously crafted redirect URL to the vulnerable Silex SD-330AC or AMC Manager devices. This attack is network-accessible, requires no authentication, and can be executed remotely without user interaction, leading to arbitrary code execution.

What is the relevance of CVE-2026-32956 in industrial environments?

The Silex SD-330AC is a wireless serial device server commonly used in industrial environments to connect legacy serial devices like PLCs and meters to networks. Exploiting CVE-2026-32956 on these devices can grant attackers a foothold within operational technology (OT) environments, potentially impacting critical infrastructure and industrial control systems.

What are the recommended steps to mitigate CVE-2026-32956?

The primary mitigation is to upgrade Silex SD-330AC firmware to version 1.50 or later and AMC Manager to version 5.1.0 or later. Until patching is complete, it is recommended to disable HTTP and HTTPS management services on affected devices. Additionally, changing the default null-string administrator password is crucial to neutralize related vulnerabilities.
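The fixed versions and the interim mitigation above can be turned into an inventory triage. The following is an added example, not vendor or advisory code: the CSV layout, column names and sample rows are constructed assumptions, and versions are assumed to be dotted numeric strings compared component by component.

```python
import csv
import io

# Fixed versions as stated in the advisory above.
FIXED = {"SD-330AC": (1, 50), "AMC Manager": (5, 1, 0)}

# Constructed sample inventory; the column names are assumptions.
SAMPLE_INVENTORY = """host,product,version,http_mgmt
10.0.5.11,SD-330AC,1.42,on
10.0.5.12,SD-330AC,1.50,on
10.0.5.13,SD-330AC,1.30,off
10.0.9.2,AMC Manager,5.0.3,on
10.0.9.3,AMC Manager,5.1,off
10.0.9.4,AMC Manager,unknown,off
"""

def parse_version(text):
    """Return a tuple of ints for a dotted numeric version, or None."""
    try:
        return tuple(int(part) for part in text.strip().split("."))
    except ValueError:
        return None

def is_vulnerable(product, version):
    """True when the version is below the fixed release for that product."""
    fixed = FIXED.get(product)
    if fixed is None:
        return False  # product not covered by this advisory
    parsed = parse_version(version)
    if parsed is None:
        return True  # fail closed: an unknown version is treated as affected
    width = max(len(parsed), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))  # so 5.1 compares equal to 5.1.0
    return pad(parsed) < pad(fixed)

def triage(inventory_csv):
    """Return (host, product, version, action) rows, reachable management first."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if not is_vulnerable(row["product"], row["version"]):
            continue
        mgmt_on = row["http_mgmt"].strip().lower() == "on"
        action = "disable HTTP/HTTPS management, then upgrade" if mgmt_on else "upgrade"
        findings.append((not mgmt_on, row["host"], row["product"], row["version"], action))
    return [f[1:] for f in sorted(findings)]

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(*finding, sep="\t")
```

Devices whose version cannot be parsed are reported as affected, so gaps in the inventory surface for manual checking.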
