CVE-2026-27668 | THREATINT

Description

A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All versions < V5.8). User Administrators are allowed to administer groups they belong to. This could allow an authenticated User Administrator to escalate their own privileges and grant themselves access to any device group at any access level.

PUBLISHED Reserved 2026-02-23 | Published 2026-04-14 | Updated 2026-04-14 | Assigner siemens

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-266: Incorrect Privilege Assignment

Product status

Default status

unknown

Any version before V5.8

affected

References

cert-portal.siemens.com/productcert/html/ssa-741509.html

cve.org (CVE-2026-27668)

nvd.nist.gov (CVE-2026-27668)

Download JSON