Summary
RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) contains a vulnerability that could allow an attacker to escalate their own privileges. Siemens has released a new version for RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) and recommends to update to the latest version.
The following versions of Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary are affected:
- RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) vers:intdot/<5.8 (CVE-2026-27668)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 8.8 | Siemens | Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary | Incorrect Privilege Assignment |
Background
- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Germany
Vulnerabilities
CVE-2026-27668
User Administrators are allowed to administer groups they belong to. This could allow an authenticated User Administrator to escalate their own privileges and grant themselves access to any device group at any access level.
Affected Products
Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary
Siemens
RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P)
known_affected
Remediations
Vendor fix
Update to V5.8 or later version
https://support.industry.siemens.com/cs/ww/en/view/110000841/
Relevant CWE: CWE-266 Incorrect Privilege Assignment
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Acknowledgments
- Siemens ProductCERT reported this vulnerability to CISA.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens’ operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
Legal Notice and Terms of Use
This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
When remote access is required, use more secu
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: