Full Report
RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) contains a vulnerability that could allow an attacker to escalate their own privileges. Siemens has released a new version of RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) and recommends updating to the latest version.
Analysis Summary
# Vulnerability: Privilege Escalation in Siemens RUGGEDCOM CROSSBOW SAM-P
## CVE Details
- **CVE ID:** CVE-2026-27668
- **CVSS Score:**
  - CVSS v3.1: 8.8 (High)
  - CVSS v4.0: 8.7 (High)
- **CWE:** CWE-266: Incorrect Privilege Assignment
## Affected Systems
- **Products:** RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P)
- **Versions:** All versions prior to V5.8
- **Configurations:** Systems utilizing "User Administrator" roles for group management.
## Vulnerability Description
The vulnerability stems from an incorrect privilege assignment: User Administrators are permitted to administer the security groups of which they are themselves members. Because of this flaw, an authenticated User Administrator can modify their own group permissions or assignments. This allows the attacker to escalate their privileges to any access level and grant themselves unauthorized access to any device group managed by the CROSSBOW system.
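To make the flaw concrete, the following toy model contrasts an authorization check that lets a User Administrator administer any security group (the behaviour the advisory describes) with a hardened check that refuses changes to the actor's own groups or own account. This is an added example written for this summary, not Siemens' CROSSBOW code; the data model, role and group names, and function names are assumptions.

```python
"""Toy model of the CWE-266 flaw described above: a User Administrator who
may administer a security group they belong to can raise their own access.

Constructed illustration, not Siemens' CROSSBOW code. Role and group names,
the data model and the function names are assumptions made for this example.
"""
from dataclasses import dataclass, field

USER_ADMIN = "User Administrator"


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)


@dataclass
class SecurityGroup:
    name: str
    members: set = field(default_factory=set)        # user names
    device_groups: set = field(default_factory=set)  # device groups reachable via this group


def can_administer_group_vulnerable(actor, group, target_user=None):
    """Flawed check: any User Administrator may administer any security
    group, including one they are a member of, and may assign anything
    to any account, including their own (the pre-fix behaviour as
    modelled here)."""
    return USER_ADMIN in actor.roles


def can_administer_group_fixed(actor, group, target_user=None):
    """Hardened check: a User Administrator may not administer a group
    they belong to, nor target their own account, so they cannot widen
    their own access through group administration."""
    return (
        USER_ADMIN in actor.roles
        and actor.name not in group.members
        and target_user != actor.name
    )


def add_member(actor, group, user_name, policy):
    """Add user_name to group if the authorization policy allows it."""
    if not policy(actor, group, user_name):
        raise PermissionError(f"{actor.name} may not administer {group.name}")
    group.members.add(user_name)


def grant_device_group(actor, group, device_group, policy):
    """Give group access to device_group if the policy allows it."""
    if not policy(actor, group):
        raise PermissionError(f"{actor.name} may not administer {group.name}")
    group.device_groups.add(device_group)


def effective_device_access(user, groups):
    """Device groups the user can reach through all their memberships."""
    return set().union(*(g.device_groups for g in groups if user.name in g.members))


def escalation_attempt(policy):
    """Replay the self-escalation path under a policy and return the
    actor's resulting device access. Constructed scenario: alice is a
    User Administrator who is already a member of 'operators'."""
    alice = User("alice", {USER_ADMIN})
    operators = SecurityGroup("operators", members={"alice"},
                              device_groups={"substation-east"})
    engineers = SecurityGroup("engineers", device_groups={"substation-west"})
    steps = (
        # widen a group she belongs to
        lambda: grant_device_group(alice, operators, "control-center", policy),
        # add herself to a group she does not belong to
        lambda: add_member(alice, engineers, alice.name, policy),
    )
    for step in steps:
        try:
            step()
        except PermissionError:
            pass  # denied; under the fixed policy every step lands here
    return effective_device_access(alice, [operators, engineers])


if __name__ == "__main__":
    print("vulnerable:", sorted(escalation_attempt(can_administer_group_vulnerable)))
    print("fixed:     ", sorted(escalation_attempt(can_administer_group_fixed)))
```

Under the vulnerable policy the actor ends up with access to every device group touched in the scenario; under the fixed policy their access stays at what they started with. The two extra conditions in `can_administer_group_fixed` are the whole of the fix in this model: the role alone is never sufficient when the actor is also a member or the target.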
## Exploitation
- **Status:** Not currently reported as exploited in the wild; no PoC available in the provided advisory.
- **Complexity:** Low
- **Attack Vector:** Network (Remote exploitation by an authenticated user)
## Impact
- **Confidentiality:** High (Full access to sensitive device groups and management data)
- **Integrity:** High (Ability to modify group assignments and access levels)
- **Availability:** High (Potential to disrupt device management or change critical configurations)
## Remediation
### Patches
- **Update to V5.8 or later:** Siemens has released RUGGEDCOM CROSSBOW SAM-P V5.8 to address this vulnerability. The update can be found via the Siemens Industry Online Support portal: hxxps://support.industry.siemens.com/cs/ww/en/view/110000841/
### Workarounds
- **Strict Role Review:** Limit the number of users assigned the "User Administrator" role.
- **Network Segmentation:** Protect network access to the SAM-P device with appropriate firewalls and mechanisms as per Siemens' operational guidelines.
## Detection
- **Audit Logs:** Monitor RUGGEDCOM CROSSBOW audit logs for unusual or unauthorized changes to group memberships or privilege assignments initiated by User Administrators.
- **Access Review:** Regularly perform a manual review of User Administrator accounts and their associated group permissions to ensure no unauthorized escalation has occurred.
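The audit-log monitoring above can be turned into a simple check: given a membership snapshot taken before the events, flag every group change where a User Administrator acted on a group they belong to or on their own account. The script below is an added example for this summary, not a CROSSBOW tool; the log layout, field names, sample lines and membership snapshot are all constructed assumptions, and the real audit log would need its own parser.

```python
"""Audit-log check for the self-administration pattern described above:
a User Administrator changing a security group they belong to, or
assigning something to their own account.

Constructed illustration, not a CROSSBOW log format. The line layout,
field names, sample lines and membership snapshot are assumptions.
"""
import re

USER_ADMIN = "User Administrator"

# Assumed log layout: one event per line, key=value fields, target optional.
LOG_RE = re.compile(
    r'^(?P<ts>\S+) actor=(?P<actor>\S+) role="(?P<role>[^"]+)" '
    r'action=(?P<action>\S+) group=(?P<group>\S+)(?: target=(?P<target>\S+))?$'
)

# Constructed sample: line 2 is a self-assignment, line 3 changes a group
# the actor belongs to, line 4 is not a group-administration event.
SAMPLE_LOG = """\
2026-03-01T10:15:02Z actor=alice role="User Administrator" action=group.add_member group=operators target=bob
2026-03-01T10:16:40Z actor=alice role="User Administrator" action=group.add_member group=operators target=alice
2026-03-01T10:17:05Z actor=alice role="User Administrator" action=group.grant_device_group group=field-techs target=substation-west
2026-03-01T10:18:11Z actor=carol role="Operator" action=session.login
"""

# Constructed membership snapshot taken *before* the events. In practice this
# would come from a periodic export of the system's group configuration.
MEMBERSHIP_BEFORE = {
    "alice": {"field-techs"},
    "bob": set(),
    "carol": {"operators"},
}


def parse_event(line):
    """Return the event's fields as a dict, or None for lines that do not
    follow the assumed group-event layout."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def find_self_administration(log_text, membership):
    """Flag group changes where a User Administrator acted on their own
    group or their own account. Returns (timestamp, actor, reason) tuples
    in log order."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None or ev["role"] != USER_ADMIN or not ev["action"].startswith("group."):
            continue
        if ev["target"] == ev["actor"]:
            findings.append((ev["ts"], ev["actor"], "self-assignment"))
        elif ev["group"] in membership.get(ev["actor"], set()):
            findings.append((ev["ts"], ev["actor"], "change to own group"))
    return findings


if __name__ == "__main__":
    for ts, actor, reason in find_self_administration(SAMPLE_LOG, MEMBERSHIP_BEFORE):
        print(ts, actor, reason)
```

The membership snapshot matters: whether a change touched the actor's own group can only be judged against the state before the change, so the review in the second bullet above (a periodic export of User Administrator accounts and their groups) is also what feeds this check. On a patched V5.8 system the same check serves as a regression test that the restriction is in place.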
## References
- **Siemens Security Advisory SSA-741509:** hxxps://cert-portal.siemens.com/productcert/html/ssa-741509.html
- **Siemens Industrial Security Guidelines:** hxxps://www.siemens.com/cert/operational-guidelines-industrial-security
- **Siemens ProductCERT:** hxxps://www.siemens.com/cert/advisories