Privilege Escalation Vulnerability in RUGGEDCOM CROSSBOW Secure Access Manager
CVE-2026-27668

8.7HIGH

Key Information:

Vendor: Siemens
Status: Ruggedcom Crossbow Secure Access Manager Primary (sam-p)
Vendor: CVE Published:; 14 April 2026

What is CVE-2026-27668?

A privilege escalation vulnerability exists in the RUGGEDCOM CROSSBOW Secure Access Manager Primary, impacting all versions prior to V5.8. This flaw allows an authenticated User Administrator to manage groups to which they belong. Consequently, a malicious user could exploit this capability to escalate their privileges, enabling them to access any device group at any access level. This not only compromises the integrity of user administration but also potentially exposes sensitive devices and operations to unauthorized access.

Affected Version(s)

RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) 0

References

https://cert-portal.siemens.com/productcert/html/ssa-7415...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Feb 23, 2026

CVE-2026-27668 Data

JSON

Siemens

What is CVE-2026-27668?

Affected Version(s)

References

CVSS V4

Timeline