CVE-2026-34029
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and recover the hard-coded cryptographic key. This key can be used to decrypt the licence.whs file, which contains sensitive information about the licensing party and a second key that can be used to decrypt other configuration files.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Wertheim GmbH | Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) | Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014 | affected |
Weaknesses
- CWE-321: CWE-321 Use of hard-coded cryptographic key
Workarounds
Restrict filesystem and backup access to the SafeController application installation directory and related configuration files. Ensure that application binaries, licence.whs, and configuration files are not exposed through web-accessible paths or document download functionality. Rotate affected keys and secrets where possible after installing the vendor-provided patch. These measures should only be treated as interim risk reduction; the vendor-provided patch should be installed.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.