PT-2026-58004 · Siemens · Opcenter X
Published
2026-07-14
·
Updated
2026-07-14
·
CVE-2026-56451
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Opcenter X versions prior to V2604
Description
An issue exists where the application fails to properly validate the algorithm specified in the JSON Web Token (JWT) header. This flaw allows an unauthenticated remote attacker to forge arbitrary JWTs, bypass authentication mechanisms, and impersonate any user, including administrative accounts, which could lead to full unauthorized access to the application.
Recommendations
Update to version V2604 or later.
Fix
Improper Verification of Cryptographic Signature
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Opcenter X