CVE-2026-34021
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Summary
The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320, uses RS-485 communication between the server and the microcontroller without cryptographic protection. An attacker with access to the communication path between the server and the microcontroller can sniff RS-485 messages and replay previously observed messages. This can be used, for example, to spoof a "quit alarm" message and continuously deactivate the safe alarm.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Wertheim GmbH | Wertheim SafeController 5400 Hardware for VAULT ROOMS (Safe Deposit Locker System - Microcontroller) | Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320 | affected |
Weaknesses
- CWE-294: CWE-294 Authentication bypass by capture-replay
Workarounds
Physically isolate all SafeController devices so that only authorized personnel can access them. Harden all connected systems that communicate via the serial interface, disable unnecessary services, and restrict access to authorized personnel only. Ensure that servers communicating with SafeController devices use strong, unique authentication credentials and are not accessible to unauthorized users. Maintain physical security of all interconnected components to prevent unauthorized access or tampering.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.