Skip to main content

Wertheim SafeController EUVDEUVD-2026-36706

| CVE-2026-34023 HIGH
Incorrect Authorization (CWE-863)
2026-06-15 SEC-VLab GHSA-v4rm-3378-9vff
7.1
CVSS 4.0 · Vendor: SEC-VLab
Share

Severity by source

Vendor (SEC-VLab) PRIMARY
7.1 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.1 HIGH

Network-reachable WebSocket with low-privileged branch credentials required (PR:L, AC:L); attacker modifies messages to actuate other branches' boxes giving high integrity impact, limited confidentiality leakage, no availability effect.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (SEC-VLab).

CVSS VectorVendor: SEC-VLab

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 15, 2026 - 12:23 vuln.today

DescriptionCVE.org

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket communication used by the SafeController WebMessageBroker. An authenticated attacker with valid low-privileged branch user credentials can manipulate WebSocket messages by specifying controller identifiers belonging to other branches. This allows the attacker to access restricted functions and resources in other branches, including activating boxes outside of the user's authorized branch.

AnalysisAI

Cross-branch authorization bypass in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) allows an authenticated low-privileged branch user to tamper with WebSocket messages handled by the SafeController WebMessageBroker and act on safe-deposit boxes belonging to other branches. The flaw stems from missing tenant/branch enforcement on supplied controller identifiers, enabling activation of vault boxes outside the user's authorized scope. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.

Technical ContextAI

The affected component is the SafeController WebMessageBroker, a WebSocket-based message bus used by Wertheim's safe-deposit/vault-room locker management software (CPE wertheim_gmbh:wertheim_safecontroller_software_for_vault_rooms). CWE-863 (Incorrect Authorization) characterizes the root cause: the server authenticates the user but trusts attacker-controlled controller identifiers in WebSocket frames rather than validating that the requested controller actually belongs to the caller's branch/tenant. This is a classic IDOR/multi-tenant isolation failure on a real-time channel, where authorization checks must be re-applied on every message rather than only at session/handshake time.

RemediationAI

No vendor-released patch identified at time of analysis; consult the SEC Consult advisory at https://r.sec-consult.com/wertheim and contact Wertheim (https://wertheim-safes.com/safe-deposit-box-management/) for a fixed build superseding AssemblyVersion 6.15.8328.28014. Until a fix is available, restrict network reachability of the WebMessageBroker WebSocket endpoint to trusted management segments and the local branch only (per-branch network segmentation or firewalling) so that branch users cannot reach controllers outside their site - this limits exposure but does not address insider abuse within a multi-branch shared backend. Enforce strict credential hygiene and rotate any potentially shared branch-user accounts, enable detailed audit logging on WebMessageBroker operations and alert on controller IDs accessed outside a user's assigned branch, and where operationally tolerable disable remote/centralized control features so each branch's controllers are administered only from on-site workstations (trade-off: loss of centralized management convenience).

Share

EUVD-2026-36706 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy