CVE-2026-27668
RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) contains a vulnerability that could allow an attacker to escalate their own privileges. Siemens has released a new version for RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) and recommends to update to the latest version. The following versions of Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary are affected: RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) vers:intdot/ CVSS Vendor Equipment Vulnerabilities v3 8.8 Siemens Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary Incorrect Privilege Assignment Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Germany
EPSS 0.05% · 16.1th percentile
Risk Scores
Exploit Intelligence
- CIRCL seen: CVE-2026-27668 (circl-sighting)
- CIRCL seen: CVE-2026-27668 (circl-sighting)
- CIRCL seen: CVE-2026-27668 (circl-sighting)
- https://cert-portal.siemens.com/productcert/html/ssa-741509.html (circl)
Timeline
- Apr 14, 2026 CVE Published
- Apr 14, 2026 PoC Published
- Apr 14, 2026 PoC Published
- Apr 14, 2026 PoC Published
- Apr 14, 2026 Security Advisory
- Apr 14, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-02 advisory
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-02.json advisory
- https://www.cve.org/CVERecord?id=CVE-2026-27668 technical
- https://support.industry.siemens.com/cs/ww/en/view/110000841/ vendor
- https://cwe.mitre.org/data/definitions/266.html technical
- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H technical