Unauthorized Access to Device Groups in RUGGEDCOM CROSSBOW SAM-P

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.7

Unauthorized Access to Device Groups in RUGGEDCOM CROSSBOW SAM-P

CVE-2026-27668

Summary

A security issue in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) versions before V5.8 allows administrators to access and control device groups they belong to. This could enable an administrator to gain excessive privileges and access sensitive areas of the system. To address this, update SAM-P to version 5.8 or later.

Original title

Original description

A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All versions < V5.8). User Administrators are allowed to administer groups they belong to. This could allow an authenticated User Administrator to escalate their own privileges and grant themselves access to any device group at any access level.

nvd CVSS3.1 8.8

nvd CVSS4.0 8.7

Vulnerability type

CWE-266 Incorrect Privilege Assignment

https://cert-portal.siemens.com/productcert/html/ssa-741509.html

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026