CVE-2026-34022

Summary

The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can decrypt the data traffic. During reassessment, it was possible to break the encryption/decryption routine and decrypt messages without knowledge of the encryption key. It was also possible to gain knowledge about the encryption key by intercepting enough messages.

Affected Software

VendorProductVersion RangeStatus
Wertheim GmbHWertheim SafeController Family 65000 Hardware for VAULT ROOMS (Safe Deposit Locker System - Microcontroller)Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319affected

Weaknesses

  • CWE-321: CWE-321 Use of hard-coded cryptographic key

Workarounds

Physically isolate all SafeController devices so that only authorized personnel can access them. Harden all connected systems that communicate with the controller, disable unnecessary services, and restrict access to authorized personnel only. Ensure that servers communicating with SafeController devices use strong, unique authentication credentials and are not accessible to unauthorized users. Maintain physical security of all interconnected components to prevent unauthorized access or tampering.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References