Skip to main content

Opcenter X

1 CVEs product

Monthly

CVE-2026-56451 CRITICAL Act Now

Authentication bypass in Siemens Opcenter X (all versions before V2604) lets an unauthenticated remote attacker forge JSON Web Tokens by exploiting improper validation of the algorithm field in the JWT header. Because the application trusts the attacker-controlled 'alg' value, an attacker can craft tokens that impersonate any user - including administrators - yielding full unauthorized access to the manufacturing operations platform. Rated CVSS 10.0 with a scope-changing critical impact; no public exploit identified at time of analysis and it is not currently in CISA KEV.

Authentication Bypass Jwt Attack Opcenter X
NVD
CVSS 4.0
10.0
EPSS
0.4%
EPSS 0% CVSS 10.0
CRITICAL Act Now

Authentication bypass in Siemens Opcenter X (all versions before V2604) lets an unauthenticated remote attacker forge JSON Web Tokens by exploiting improper validation of the algorithm field in the JWT header. Because the application trusts the attacker-controlled 'alg' value, an attacker can craft tokens that impersonate any user - including administrators - yielding full unauthorized access to the manufacturing operations platform. Rated CVSS 10.0 with a scope-changing critical impact; no public exploit identified at time of analysis and it is not currently in CISA KEV.

Authentication Bypass Jwt Attack Opcenter X
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy