Ruggedcom Crossbow Secure Access Manager Primary Sam P
Monthly
Privilege escalation in Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) versions prior to V5.8 allows authenticated User Administrators to escalate their own privileges through improper group administration controls. Authenticated attackers with low-privilege User Administrator credentials can exploit flawed group membership logic to grant themselves unrestricted access to any device group at any access level, achieving full administrative control over critical industrial infrastructure. CVSS 8.8 (High) reflects network-accessible attack vector with low complexity and no user interaction required. No public exploit identified at time of analysis, though the attack path is straightforward for authenticated insiders.
Privilege escalation in Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) versions prior to V5.8 allows authenticated User Administrators to escalate their own privileges through improper group administration controls. Authenticated attackers with low-privilege User Administrator credentials can exploit flawed group membership logic to grant themselves unrestricted access to any device group at any access level, achieving full administrative control over critical industrial infrastructure. CVSS 8.8 (High) reflects network-accessible attack vector with low complexity and no user interaction required. No public exploit identified at time of analysis, though the attack path is straightforward for authenticated insiders.