Skip to main content

Wertheim SafeController EUVDEUVD-2026-36712

| CVE-2026-34029 MEDIUM
Use of Hard-coded Cryptographic Key (CWE-321)
2026-06-15 SEC-VLab GHSA-pwhr-98hp-44r7
6.8
CVSS 4.0 · Vendor: SEC-VLab
Share

Severity by source

Vendor (SEC-VLab) PRIMARY
6.8 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.5 MEDIUM

Local-only attack on application files requiring low privileges; pure confidentiality disclosure with no integrity or availability impact and unchanged scope.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (SEC-VLab).

CVSS VectorVendor: SEC-VLab

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 15, 2026 - 12:26 vuln.today

DescriptionCVE.org

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and recover the hard-coded cryptographic key. This key can be used to decrypt the licence.whs file, which contains sensitive information about the licensing party and a second key that can be used to decrypt other configuration files.

AnalysisAI

Hard-coded cryptographic key exposure in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) enables local attackers to decrypt sensitive licensing and configuration data for vault room and safe deposit locker systems. The static key, embedded in SafeSystem.Infrastructure.Security.dll, can be recovered through standard reverse engineering, then used to decrypt the licence.whs file - which itself contains a second key granting access to additional configuration files. No active exploitation has been confirmed (not listed in CISA KEV), and no public exploit code is known at time of analysis; however, the attack requires only low-privilege local file access and straightforward tooling, making it realistic for any insider or attacker who achieves filesystem access.

Technical ContextAI

CWE-321 (Use of Hard-coded Cryptographic Key) describes the root cause: a static cryptographic secret baked into compiled code that cannot be rotated without a software update and is recoverable by any party with access to the binary. The affected component, SafeSystem.Infrastructure.Security.dll, is a .NET assembly (indicated by the AssemblyVersion format 6.15.8328.28014), making it trivially decompilable with tools such as dnSpy, ILSpy, or dotPeek without special expertise. The CPE string cpe:2.3:a:wertheim_gmbh:wertheim_safecontroller_software_for_vault_rooms_(safe_deposit_locker_system) confirms this is physical security management software for vault rooms and safe deposit locker systems - a domain where confidentiality of configuration and licensing data may have direct operational security implications. The two-tier key architecture (a primary key in the DLL decrypts licence.whs, which yields a secondary key for config files) suggests the design attempted layered protection, but both tiers collapse once the root key is extracted.

RemediationAI

No vendor-released patched version is identified in the available data - the fix version is not independently confirmed from the references provided. Organizations running AssemblyVersion 6.15.8328.28014 should contact Wertheim GmbH directly via https://wertheim-safes.com/safe-deposit-box-management/ to obtain an updated release that removes or properly protects the hard-coded key. As a compensating control, restrict filesystem ACLs on the SafeController installation directory so that only the service account running the application can read DLL and configuration files - this raises the effective privilege bar for exploitation, though it does not eliminate the underlying flaw. Additionally, treat the licence.whs file and any decrypted configuration content as potentially compromised if any non-administrator user has had read access to the application directory; request replacement licensing credentials from the vendor if compromise is suspected. Monitor the SEC Consult advisory at https://r.sec-consult.com/wertheim for patch availability updates.

Share

EUVD-2026-36712 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy