No analysis available yet.
Vendor Solution
Apply patch RAID 1158263 https://support.rockwellautomation.com/app/answers/answer_view/a_id/1158263/~/patch%3A-okta-authentication-improvements%2C-factorytalk-services-6.60-
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 14 Jul 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Rockwellautomation
Rockwellautomation factorytalk Services Platform |
|
| Vendors & Products |
Rockwellautomation
Rockwellautomation factorytalk Services Platform |
Tue, 14 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 14 Jul 2026 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A security issue exists within FactoryTalk® Services Platform (FTSP), allowing an attacker to bypass JWT signature validation during Okta Web Authentication. The vulnerability stems from the application not verifying that the JWT algorithm is configured for RSA, enabling an attacker to set the algorithm to "none" and craft forged tokens. This could allow an authenticated low-privilege user to impersonate any authorized user on the FTSP server, resulting in unauthorized access to system configuration and the ability to grant permissions to other systems protected by FTSP. | |
| Title | Rockwell Automation FactoryTalk® Services Platform FTSP - Weak Authentication via JWT Validation Bypass | |
| Weaknesses | CWE-1390 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: Rockwell
Published:
Updated: 2026-07-14T15:26:53.203Z
Reserved: 2026-06-02T19:25:13.142Z
Link: CVE-2026-10714
Updated: 2026-07-14T15:26:49.081Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-14T16:30:04Z
-
CWE-1390
Weak Authentication