An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate.
https://fortiguard.fortinet.com/psirt/FG-IR-24-544
https://cert-portal.siemens.com/productcert/html/ssa-864900.html