Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local-only attack on application files requiring low privileges; pure confidentiality disclosure with no integrity or availability impact and unchanged scope.
Primary rating from Vendor (SEC-VLab).
CVSS VectorVendor: SEC-VLab
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and recover the hard-coded cryptographic key. This key can be used to decrypt the licence.whs file, which contains sensitive information about the licensing party and a second key that can be used to decrypt other configuration files.
AnalysisAI
Hard-coded cryptographic key exposure in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) enables local attackers to decrypt sensitive licensing and configuration data for vault room and safe deposit locker systems. The static key, embedded in SafeSystem.Infrastructure.Security.dll, can be recovered through standard reverse engineering, then used to decrypt the licence.whs file - which itself contains a second key granting access to additional configuration files. No active exploitation has been confirmed (not listed in CISA KEV), and no public exploit code is known at time of analysis; however, the attack requires only low-privilege local file access and straightforward tooling, making it realistic for any insider or attacker who achieves filesystem access.
Technical ContextAI
CWE-321 (Use of Hard-coded Cryptographic Key) describes the root cause: a static cryptographic secret baked into compiled code that cannot be rotated without a software update and is recoverable by any party with access to the binary. The affected component, SafeSystem.Infrastructure.Security.dll, is a .NET assembly (indicated by the AssemblyVersion format 6.15.8328.28014), making it trivially decompilable with tools such as dnSpy, ILSpy, or dotPeek without special expertise. The CPE string cpe:2.3:a:wertheim_gmbh:wertheim_safecontroller_software_for_vault_rooms_(safe_deposit_locker_system) confirms this is physical security management software for vault rooms and safe deposit locker systems - a domain where confidentiality of configuration and licensing data may have direct operational security implications. The two-tier key architecture (a primary key in the DLL decrypts licence.whs, which yields a secondary key for config files) suggests the design attempted layered protection, but both tiers collapse once the root key is extracted.
RemediationAI
No vendor-released patched version is identified in the available data - the fix version is not independently confirmed from the references provided. Organizations running AssemblyVersion 6.15.8328.28014 should contact Wertheim GmbH directly via https://wertheim-safes.com/safe-deposit-box-management/ to obtain an updated release that removes or properly protects the hard-coded key. As a compensating control, restrict filesystem ACLs on the SafeController installation directory so that only the service account running the application can read DLL and configuration files - this raises the effective privilege bar for exploitation, though it does not eliminate the underlying flaw. Additionally, treat the licence.whs file and any decrypted configuration content as potentially compromised if any non-administrator user has had read access to the application directory; request replacement licensing credentials from the vendor if compromise is suspected. Monitor the SEC Consult advisory at https://r.sec-consult.com/wertheim for patch availability updates.
Authorization bypass in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) enables low-privileged authen
Authenticated path traversal in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) - software used to ma
Cross-branch authorization bypass in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) allows an authen
Path traversal in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) enables an authenticated user holdi
Unauthenticated file disclosure in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) exposes unprotecte
Unrestricted file upload in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) allows any authenticated
IP restriction bypass in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) allows an attacker holding v
Same weakness CWE-321 – Use of Hard-coded Cryptographic Key
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36712
GHSA-pwhr-98hp-44r7