IM
IronMonkey Threat Research
‹ Back to ICS Advisories

SSA-096828: Token Invalidation Vulnerability in Opcenter X Before V2604

CRITICAL
CVSS 10.0
Date 2026-07-14T00:00:00+00:00
Source siemens-productcert
Published by Siemens ProductCERT

// Description

Opcenter X before V2604 contain an authentication bypass vulnerability that could allow an attacker to gain full unauthorized access to the application. Siemens has released a new version for Opcenter X and recommends to update to the latest version.

// Vulnerabilities (1)

CVE ID CVSS Score Severity Description
CVE-2026-56451 10.0 critical
CVE-2026-56451. Affected applications do not properly validate the algorithm specified in the JSON Web Token (JWT) header. This could allow an unauthenticated remote attacker to forge arbitrary JWT, bypass authentication mechanisms and impersonate any user including administrative accounts, potentially gaining full unauthorized access to the application.

// Remediations (1)

Patch: Update to V2604 or later version
Update to V2604 or later version

// References