Back to overview

CVE-2026-10714

HIGH
8.8
CVSS 4.0
Description
A security issue exists within FactoryTalk® Services Platform (FTSP), allowing an attacker to bypass JWT signature validation during Okta Web Authentication. The vulnerability stems from the application not verifying that the JWT algorithm is configured for RSA, enabling an attacker to set the algorithm to "none" and craft forged tokens. This could allow an authenticated low-privilege user to impersonate any authorized user on the FTSP server, resulting in unauthorized access to system configuration and the ability to grant permissions to other systems protected by FTSP.

Metadata

CVE ID
CVE-2026-10714
State
PUBLISHED
Assigner
Rockwell
Reserved
2026-06-02 19:25 UTC
Published
2026-07-14 15:02 UTC
Last updated
2026-07-14 15:26 UTC
Primary CWE
CWE-1390
CWE-1390: Weak Authentication
Vendor / Product
Rockwell Automation / FactoryTalk® Services Platform
Sources
cve.org  ·  NVD

Severity & Metrics

8.8 HIGH CVSS 4.0
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
total
Affected products (1)
VendorProductPlatformVersions
Rockwell Automation FactoryTalk® Services Platform Version 6.60
Weakness (CWE)
CWESourceDescription
CWE-1390 cna CWE-1390: Weak Authentication
CVSS scores (1)
ScoreSeverityVersionSourceVector
8.8 HIGH 4.0 cna CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Back to overview