CVE-2026-34021

Summary

The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320, uses RS-485 communication between the server and the microcontroller without cryptographic protection. An attacker with access to the communication path between the server and the microcontroller can sniff RS-485 messages and replay previously observed messages. This can be used, for example, to spoof a "quit alarm" message and continuously deactivate the safe alarm.

Affected Software

VendorProductVersion RangeStatus
Wertheim GmbHWertheim SafeController 5400 Hardware for VAULT ROOMS (Safe Deposit Locker System - Microcontroller)Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320affected

Weaknesses

  • CWE-294: CWE-294 Authentication bypass by capture-replay

Workarounds

Physically isolate all SafeController devices so that only authorized personnel can access them. Harden all connected systems that communicate via the serial interface, disable unnecessary services, and restrict access to authorized personnel only. Ensure that servers communicating with SafeController devices use strong, unique authentication credentials and are not accessible to unauthorized users. Maintain physical security of all interconnected components to prevent unauthorized access or tampering.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References