CVE 8.8 HIGH

CVE-2026-27668_CVE-2026-27668

April 14, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All versions < V5.8). User Administrators are allowed to administer groups they belong to. This could allow an authenticated User Administrator to escalate their own privileges and grant themselves access to any device group at any access level.

AI Analysis

Privilege escalation vulnerability in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) allowing authenticated User Administrators to grant themselves access to any device group

Basic Information

ID CVE-2026-27668

Source siemens

Published Apr 14, 2026 at 08:40

Affected Product

Vendor Siemens

Product RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P)

Affected Versions Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) 0

CWE Classification

CWE-266

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Siemens

Product RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P)

Version All versions < V5.8

References

cert-portal.siemens.com /productcert/html/ssa-741509.html

{
    "lastseen": "",
    "description": "A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All versions < V5.8). User Administrators are allowed to administer groups they belong to. This could allow an authenticated User Administrator to escalate their own privileges and grant themselves access to any device group at any access level.",
    "published": "2026-04-14T08:40:45.661Z",
    "modified": "2026-04-14T08:40:45.661Z",
    "type": "cve",
    "title": "CVE-2026-27668",
    "source": "siemens",
    "references": "https://cert-portal.siemens.com/productcert/html/ssa-741509.html",
    "id": "CVE-2026-27668",
    "bulletinFamily": "",
    "cwe": [
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P)",
    "version": "0",
    "vendor": "Siemens",
    "ai_description": "Privilege escalation vulnerability in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) allowing authenticated User Administrators to grant themselves access to any device group",
    "ai_severity": "High",
    "ai_vendor": "Siemens",
    "ai_product": "RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P)",
    "ai_version": "All versions < V5.8",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply