Back to overview

CVE-2026-56451

CRITICAL
10.0
CVSS 3.1
Description
A vulnerability has been identified in Opcenter X (All versions < V2604). Affected applications do not properly validate the algorithm specified in the JSON Web Token (JWT) header. This could allow an unauthenticated remote attacker to forge arbitrary JWT, bypass authentication mechanisms and impersonate any user including administrative accounts, potentially gaining full unauthorized access to the application.

Metadata

CVE ID
CVE-2026-56451
State
PUBLISHED
Assigner
siemens
Reserved
2026-06-22 13:17 UTC
Published
2026-07-14 09:19 UTC
Last updated
2026-07-14 09:19 UTC
Primary CWE
CWE-347
CWE-347: Improper Verification of Cryptographic Signature
Vendor / Product
Siemens / Opcenter X
Sources
cve.org  ·  NVD

Severity & Metrics

10.0 CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products (1)
VendorProductPlatformVersions
Siemens Opcenter X 0 < V2604
Weakness (CWE)
CWESourceDescription
CWE-347 cna CWE-347: Improper Verification of Cryptographic Signature
CVSS scores (2)
ScoreSeverityVersionSourceVector
10.0 CRITICAL 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 CRITICAL 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:H/SA:H
Back to overview