Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Adjacent access to the controller's communication link is required (AV:A); no authentication or interaction needed (PR:N/UI:N); only confidentiality of traffic is impacted (C:H, I:N, A:N).
Primary rating from Vendor (SEC-VLab).
CVSS VectorVendor: SEC-VLab
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can decrypt the data traffic. During reassessment, it was possible to break the encryption/decryption routine and decrypt messages without knowledge of the encryption key. It was also possible to gain knowledge about the encryption key by intercepting enough messages.
AnalysisAI
Cryptographic key disclosure in Wertheim SafeController Family 65000 (AssemblyVersion 6.11.8130.22319), a microcontroller-based safe deposit locker system, allows adjacent attackers to decrypt protected communications. The device uses a weak custom (proprietary) cryptographic algorithm with hard-coded keys, and researchers at SEC-VLab demonstrated both breaking the encryption routine and recovering the key by intercepting sufficient traffic. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
Technical ContextAI
The affected product is a hardware controller used by Wertheim GmbH to manage safe deposit locker vault rooms, identified by CPE cpe:2.3:a:wertheim_gmbh:wertheim_safecontroller_family_65000_hardware_for_vault_rooms... The root cause is CWE-321 (Use of Hard-coded Cryptographic Key), compounded by a home-grown ('weak custom') cryptographic algorithm rather than a vetted standard such as AES with proper key management. Hard-coded keys mean every deployed device shares the same secret material, and the proprietary algorithm enables both ciphertext-only cryptanalysis and key recovery from a sufficient volume of intercepted messages - a classic violation of Kerckhoffs's principle.
RemediationAI
No vendor-released patch identified at time of analysis; consult the SEC-VLab advisory at https://r.sec-consult.com/wertdev and contact Wertheim GmbH (https://wertheim-safes.com/safe-deposit-boxes/) for a firmware update that replaces the proprietary algorithm with a standard authenticated-encryption scheme (e.g., AES-GCM) and per-device key provisioning. Until firmware is available, compensating controls include isolating the SafeController's communication bus or network segment on a dedicated VLAN with strict MAC/port-level access control to prevent adjacent eavesdropping, physically inspecting the vault-room cabling for unauthorized taps or rogue devices, and enabling any available link-layer protections such as 802.1X or MACsec on the carrying network - noting that segmentation does not fix the underlying weak crypto and only reduces attacker proximity opportunities.
Same weakness CWE-321 – Use of Hard-coded Cryptographic Key
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36705
GHSA-qxc2-68gx-hgrv