Skip to main content

Wertheim SafeController 65000 CVE-2026-34022

| EUVDEUVD-2026-36705 HIGH
Use of Hard-coded Cryptographic Key (CWE-321)
2026-06-15 SEC-VLab GHSA-qxc2-68gx-hgrv
7.1
CVSS 4.0 · Vendor: SEC-VLab
Share

Severity by source

Vendor (SEC-VLab) PRIMARY
7.1 HIGH
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.5 MEDIUM

Adjacent access to the controller's communication link is required (AV:A); no authentication or interaction needed (PR:N/UI:N); only confidentiality of traffic is impacted (C:H, I:N, A:N).

3.1 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.0 AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (SEC-VLab).

CVSS VectorVendor: SEC-VLab

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 15, 2026 - 12:23 vuln.today

DescriptionCVE.org

The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can decrypt the data traffic. During reassessment, it was possible to break the encryption/decryption routine and decrypt messages without knowledge of the encryption key. It was also possible to gain knowledge about the encryption key by intercepting enough messages.

AnalysisAI

Cryptographic key disclosure in Wertheim SafeController Family 65000 (AssemblyVersion 6.11.8130.22319), a microcontroller-based safe deposit locker system, allows adjacent attackers to decrypt protected communications. The device uses a weak custom (proprietary) cryptographic algorithm with hard-coded keys, and researchers at SEC-VLab demonstrated both breaking the encryption routine and recovering the key by intercepting sufficient traffic. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Technical ContextAI

The affected product is a hardware controller used by Wertheim GmbH to manage safe deposit locker vault rooms, identified by CPE cpe:2.3:a:wertheim_gmbh:wertheim_safecontroller_family_65000_hardware_for_vault_rooms... The root cause is CWE-321 (Use of Hard-coded Cryptographic Key), compounded by a home-grown ('weak custom') cryptographic algorithm rather than a vetted standard such as AES with proper key management. Hard-coded keys mean every deployed device shares the same secret material, and the proprietary algorithm enables both ciphertext-only cryptanalysis and key recovery from a sufficient volume of intercepted messages - a classic violation of Kerckhoffs's principle.

RemediationAI

No vendor-released patch identified at time of analysis; consult the SEC-VLab advisory at https://r.sec-consult.com/wertdev and contact Wertheim GmbH (https://wertheim-safes.com/safe-deposit-boxes/) for a firmware update that replaces the proprietary algorithm with a standard authenticated-encryption scheme (e.g., AES-GCM) and per-device key provisioning. Until firmware is available, compensating controls include isolating the SafeController's communication bus or network segment on a dedicated VLAN with strict MAC/port-level access control to prevent adjacent eavesdropping, physically inspecting the vault-room cabling for unauthorized taps or rogue devices, and enabling any available link-layer protections such as 802.1X or MACsec on the carrying network - noting that segmentation does not fix the underlying weak crypto and only reduces attacker proximity opportunities.

Share

CVE-2026-34022 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy