HIGHCVE-2026-27668Published 2026-04-14Modified 2026-04-14CNA siemens

CVE-2026-27668: A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All versions < V5

A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All versions < V5.8). User Administrators are allowed to administer groups they belong to. This could allow an authenticated User Administrator to escalate their own privileges and grant themselves access to any device group at any access level.

CVSS v4.0: 8.7
Severity: HIGH
Fixed in: V5.8
Affected Products: 1

Fix available

V5.8

Affected packages

Siemens / RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P)
< V5.8 (from 0)

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

cert-portal.siemens.com

Metrics

Fix available