Skip to main content

Wertheim Safecontroller Software For Vault Rooms Safe Deposit Locker System

8 CVEs product

Monthly

CVE-2026-34030 MEDIUM This Month

Path traversal in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) enables an authenticated user holding the settings_branches_manage privilege to embed directory traversal sequences in a newly created branch code, redirecting downstream file-write operations — covering uploaded files, profile pictures, and settings data — to attacker-chosen filesystem locations. The root cause is insufficient server-side validation of the branch code field at branch creation time; that tainted value later propagates into multiple file-path-generation routines across the application. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified; real-world impact is bounded by both the service account's write permissions and length restrictions on the branch code value.

Path Traversal Wertheim Safecontroller Software For Vault Rooms Safe Deposit Locker System
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2026-34029 MEDIUM This Month

Hard-coded cryptographic key exposure in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) enables local attackers to decrypt sensitive licensing and configuration data for vault room and safe deposit locker systems. The static key, embedded in SafeSystem.Infrastructure.Security.dll, can be recovered through standard reverse engineering, then used to decrypt the licence.whs file - which itself contains a second key granting access to additional configuration files. No active exploitation has been confirmed (not listed in CISA KEV), and no public exploit code is known at time of analysis; however, the attack requires only low-privilege local file access and straightforward tooling, making it realistic for any insider or attacker who achieves filesystem access.

Information Disclosure Wertheim Safecontroller Software For Vault Rooms Safe Deposit Locker System
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2026-34028 MEDIUM This Month

Unauthenticated file disclosure in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) exposes unprotected HTTP endpoints that allow any remote, unauthenticated attacker to directly download files from paths including /Resources/CompanyId_[ID]/Audio/ and /SafeData/. The affected software manages physical vault rooms and safe deposit locker systems, making the /SafeData/ endpoint particularly sensitive as it likely contains locker allocation records, customer data, or audit materials. No public exploit code or CISA KEV listing has been identified at time of analysis; however, the network-accessible, zero-authentication nature of the flaw (AV:N/AC:L/PR:N/UI:N per CVSS 4.0) makes opportunistic abuse trivially achievable without specialized tooling.

Information Disclosure Wertheim Safecontroller Software For Vault Rooms Safe Deposit Locker System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2026-34027 MEDIUM This Month

Unrestricted file upload in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) allows any authenticated user, regardless of role or permission level, to bypass server-side file type controls at the /safe/contract/uploadcustomdocuments endpoint by spoofing the HTTP Content-Type header with a value containing allowed substrings such as 'pdf', 'jpeg', 'tiff', or 'png'. Because validation relies entirely on a client-supplied header rather than inspecting actual file content or magic bytes, arbitrary file content can be written to the server. No public exploit code has been identified at time of analysis, and this CVE does not appear in the CISA KEV catalog.

File Upload Wertheim Safecontroller Software For Vault Rooms Safe Deposit Locker System
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2026-34026 HIGH This Week

Authenticated path traversal in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) - software used to manage vault rooms and safe deposit locker systems - allows any logged-in user to read arbitrary files from the host via the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. Successful exploitation exposes application log files (which may contain credentials or session data) and application binaries, enabling secondary attacks against the safe deposit locker infrastructure. No public exploit identified at time of analysis, and the issue was disclosed by SEC Consult Vulnerability Lab (SEC-VLab).

Path Traversal Wertheim Safecontroller Software For Vault Rooms Safe Deposit Locker System
NVD
CVSS 4.0
7.1
EPSS
0.4%
CVE-2026-34025 MEDIUM This Month

IP restriction bypass in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) allows an attacker holding valid branch user credentials to authenticate from any unauthorized network location by spoofing the expected branch IP address via a manipulated X-Forwarded-For HTTP header. The system - designed to control physical vault room and safe deposit locker access - enforces branch-location login restrictions based entirely on this attacker-controllable header when it is present, nullifying a key network-based access control boundary. No public exploit code or CISA KEV listing exists at time of analysis; exploitation is constrained to actors with valid branch credentials.

Authentication Bypass Wertheim Safecontroller Software For Vault Rooms Safe Deposit Locker System
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2026-34024 HIGH This Week

Authorization bypass in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) enables low-privileged authenticated users to reach hidden web endpoints and perform restricted operations including branch switching, arbitrary file upload/download, and viewing details of arbitrary branches. The flaw stems from missing access control on endpoints that exist server-side but are not surfaced in the UI, breaking the product's tenancy/segregation between branches. No public exploit identified at time of analysis; CVSS 4.0 base score is 8.6 (high).

Authentication Bypass Wertheim Safecontroller Software For Vault Rooms Safe Deposit Locker System
NVD
CVSS 4.0
8.6
EPSS
0.3%
CVE-2026-34023 HIGH This Week

Cross-branch authorization bypass in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) allows an authenticated low-privileged branch user to tamper with WebSocket messages handled by the SafeController WebMessageBroker and act on safe-deposit boxes belonging to other branches. The flaw stems from missing tenant/branch enforcement on supplied controller identifiers, enabling activation of vault boxes outside the user's authorized scope. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.

Authentication Bypass Wertheim Safecontroller Software For Vault Rooms Safe Deposit Locker System
NVD
CVSS 4.0
7.1
EPSS
0.3%
EPSS 0% CVSS 6.9
MEDIUM This Month

Path traversal in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) enables an authenticated user holding the settings_branches_manage privilege to embed directory traversal sequences in a newly created branch code, redirecting downstream file-write operations — covering uploaded files, profile pictures, and settings data — to attacker-chosen filesystem locations. The root cause is insufficient server-side validation of the branch code field at branch creation time; that tainted value later propagates into multiple file-path-generation routines across the application. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified; real-world impact is bounded by both the service account's write permissions and length restrictions on the branch code value.

Path Traversal Wertheim Safecontroller Software For Vault Rooms Safe Deposit Locker System
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Hard-coded cryptographic key exposure in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) enables local attackers to decrypt sensitive licensing and configuration data for vault room and safe deposit locker systems. The static key, embedded in SafeSystem.Infrastructure.Security.dll, can be recovered through standard reverse engineering, then used to decrypt the licence.whs file - which itself contains a second key granting access to additional configuration files. No active exploitation has been confirmed (not listed in CISA KEV), and no public exploit code is known at time of analysis; however, the attack requires only low-privilege local file access and straightforward tooling, making it realistic for any insider or attacker who achieves filesystem access.

Information Disclosure Wertheim Safecontroller Software For Vault Rooms Safe Deposit Locker System
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Unauthenticated file disclosure in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) exposes unprotected HTTP endpoints that allow any remote, unauthenticated attacker to directly download files from paths including /Resources/CompanyId_[ID]/Audio/ and /SafeData/. The affected software manages physical vault rooms and safe deposit locker systems, making the /SafeData/ endpoint particularly sensitive as it likely contains locker allocation records, customer data, or audit materials. No public exploit code or CISA KEV listing has been identified at time of analysis; however, the network-accessible, zero-authentication nature of the flaw (AV:N/AC:L/PR:N/UI:N per CVSS 4.0) makes opportunistic abuse trivially achievable without specialized tooling.

Information Disclosure Wertheim Safecontroller Software For Vault Rooms Safe Deposit Locker System
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Unrestricted file upload in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) allows any authenticated user, regardless of role or permission level, to bypass server-side file type controls at the /safe/contract/uploadcustomdocuments endpoint by spoofing the HTTP Content-Type header with a value containing allowed substrings such as 'pdf', 'jpeg', 'tiff', or 'png'. Because validation relies entirely on a client-supplied header rather than inspecting actual file content or magic bytes, arbitrary file content can be written to the server. No public exploit code has been identified at time of analysis, and this CVE does not appear in the CISA KEV catalog.

File Upload Wertheim Safecontroller Software For Vault Rooms Safe Deposit Locker System
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Authenticated path traversal in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) - software used to manage vault rooms and safe deposit locker systems - allows any logged-in user to read arbitrary files from the host via the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. Successful exploitation exposes application log files (which may contain credentials or session data) and application binaries, enabling secondary attacks against the safe deposit locker infrastructure. No public exploit identified at time of analysis, and the issue was disclosed by SEC Consult Vulnerability Lab (SEC-VLab).

Path Traversal Wertheim Safecontroller Software For Vault Rooms Safe Deposit Locker System
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IP restriction bypass in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) allows an attacker holding valid branch user credentials to authenticate from any unauthorized network location by spoofing the expected branch IP address via a manipulated X-Forwarded-For HTTP header. The system - designed to control physical vault room and safe deposit locker access - enforces branch-location login restrictions based entirely on this attacker-controllable header when it is present, nullifying a key network-based access control boundary. No public exploit code or CISA KEV listing exists at time of analysis; exploitation is constrained to actors with valid branch credentials.

Authentication Bypass Wertheim Safecontroller Software For Vault Rooms Safe Deposit Locker System
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Authorization bypass in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) enables low-privileged authenticated users to reach hidden web endpoints and perform restricted operations including branch switching, arbitrary file upload/download, and viewing details of arbitrary branches. The flaw stems from missing access control on endpoints that exist server-side but are not surfaced in the UI, breaking the product's tenancy/segregation between branches. No public exploit identified at time of analysis; CVSS 4.0 base score is 8.6 (high).

Authentication Bypass Wertheim Safecontroller Software For Vault Rooms Safe Deposit Locker System
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-branch authorization bypass in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) allows an authenticated low-privileged branch user to tamper with WebSocket messages handled by the SafeController WebMessageBroker and act on safe-deposit boxes belonging to other branches. The flaw stems from missing tenant/branch enforcement on supplied controller identifiers, enabling activation of vault boxes outside the user's authorized scope. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.

Authentication Bypass Wertheim Safecontroller Software For Vault Rooms Safe Deposit Locker System
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy