RUGGEDCOM CROSSBOW SAM-P Privilege Escalation Identified
A critical privilege escalation vulnerability, tracked as CVE-2026-27668, has been identified in Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) across all versions prior to V5.8. According to the National Vulnerability Database, this flaw allows authenticated User Administrators to administer groups they are already a part of. This seemingly innocuous permission opens the door for a significant security bypass.
The real kicker here is that a User Administrator, leveraging this vulnerability, can elevate their own privileges. They can grant themselves access to any device group, at any access level, effectively sidestepping the intended security controls. The National Vulnerability Database has assigned this a CVSSv3 score of 8.8, classifying it as HIGH severity. The vector, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, points to a network-exploitable vulnerability requiring low privileges, with no user interaction, leading to high impacts on confidentiality, integrity, and availability. This is a classic example of CWE-266, Incorrect Privilege Assignment, and it’s a nasty one given the potential for full system compromise.
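To make the CWE-266 pattern concrete from a defender's side, here is an added, hypothetical model (not Siemens code; the role name, group names and audit record layout are constructed) that contrasts the flawed authorization check with a hardened one that refuses self-administration, and scans the resulting audit trail for the self-escalation the advisory describes:

```python
# Hypothetical model of the advisory's CWE-266 pattern (not Siemens code); names are constructed.
from dataclasses import dataclass, field

@dataclass
class Group:
    name: str
    members: dict = field(default_factory=dict)  # user -> access level

@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)

ADMIN_ROLE = "UserAdministrator"  # assumed role name for the example
AUDIT = []  # constructed audit trail: one record per grant attempt

def check_vulnerable(actor: User, group: Group, target: str) -> bool:
    """Flawed check: any User Administrator may administer any group, even one they are in."""
    return ADMIN_ROLE in actor.roles

def check_fixed(actor: User, group: Group, target: str) -> bool:
    """Hardened check: deny when the actor belongs to the group being
    administered or is the subject of the change (no self-escalation)."""
    if ADMIN_ROLE not in actor.roles:
        return False
    return actor.name not in group.members and target != actor.name

def grant(actor: User, group: Group, target: str, level: str, check) -> bool:
    """Apply the grant if `check` allows it; record every attempt."""
    allowed = check(actor, group, target)
    AUDIT.append({"actor": actor.name, "group": group.name, "target": target,
                  "level": level, "members_before": set(group.members),
                  "allowed": allowed})
    if allowed:
        group.members[target] = level
    return allowed

def find_self_escalation(audit):
    """Detection: successful grants where the actor administered a group they
    were already in, or changed their own access."""
    return [e for e in audit if e["allowed"] and
            (e["actor"] in e["members_before"] or e["target"] == e["actor"])]

def demo(check):
    """Run the advisory's scenario; return (granted, actor's level, flagged count)."""
    AUDIT.clear()
    alice = User("alice", {ADMIN_ROLE})
    plant = Group("plant-routers", {"alice": "read-only", "bob": "operator"})
    ok = grant(alice, plant, "alice", "full-control", check)
    return ok, plant.members["alice"], len(find_self_escalation(AUDIT))
```

Running `demo(check_vulnerable)` shows the read-only member promoting herself to full control with one audit hit, while `demo(check_fixed)` leaves her at read-only with nothing flagged.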
Indicators of Compromise
| ID | Type | Description |
|---|---|---|
| CVE-2026-27668 | Privilege Escalation | RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) versions prior to V5.8 |
| CVE-2026-27668 | Privilege Escalation | Authenticated User Administrator can grant themselves access to any device group at any access level |