Weak custom cryptography and hard-coded keys in Wertheim SafeController 65000 allow traffic decryption
Summary
| CVE | CVE-2026-34022 |
|---|---|
| State | PUBLISHED |
| Assigner | SEC-VLab |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-15 12:16:24 UTC |
| Updated | 2026-06-15 14:16:34 UTC |
| Description | The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can decrypt the data traffic. During reassessment, it was possible to break the encryption/decryption routine and decrypt messages without knowledge of the encryption key. It was also possible to gain knowledge about the encryption key by intercepting enough messages. |
Risk And Classification
Primary CVSS: v4.0 7.1 HIGH from 551230f0-3615-47bd-b7cc-93e92e730bbf
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Problem Types: CWE-321 | CWE-321 CWE-321 Use of hard-coded cryptographic key
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | 551230f0-3615-47bd-b7cc-93e92e730bbf | Secondary | 7.1 | HIGH | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/C... |
| 4.0 | CNA | CVSS | 7.1 | HIGH | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
CVSS v4.0 Breakdown
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Wertheim GmbH | Wertheim SafeController Family 65000 Hardware For VAULT ROOMS Safe Deposit Locker System - Microcontroller | affected Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319 | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| wertheim-safes.com/safe-deposit-boxes | 551230f0-3615-47bd-b7cc-93e92e730bbf | wertheim-safes.com | |
| sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-werthe... | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | sec-consult.com | |
| r.sec-consult.com/wertdev | 551230f0-3615-47bd-b7cc-93e92e730bbf | r.sec-consult.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Gorazd Jank, SEC Consult Vulnerability Lab (en)
CNA: Christian Hager, SEC Consult Vulnerability Lab (en)
CNA: Philipp Espernberger, SEC Consult Vulnerability Lab (en)
Additional Advisory Data
Solutions
CNA: No fix is available for this issue. The vendor stated that the encryption algorithm for Controller 65000 cannot be improved or fixed because of missing hardware support. Affected parties should assess the business risk and switch to a supported version if unsupported products are in use.
Workarounds
CNA: Physically isolate all SafeController devices so that only authorized personnel can access them. Harden all connected systems that communicate with the controller, disable unnecessary services, and restrict access to authorized personnel only. Ensure that servers communicating with SafeController devices use strong, unique authentication credentials and are not accessible to unauthorized users. Maintain physical security of all interconnected components to prevent unauthorized access or tampering.