CVE-2026-34022 | The Wertheim SafeController Family 65000, Controller 65000 -… | CVSS 7.1 HIGH

Description

The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can decrypt the data traffic. During reassessment, it was possible to break the encryption/decryption routine and decrypt messages without knowledge of the encryption key. It was also possible to gain knowledge about the encryption key by intercepting enough messages.

Metadata

CVE ID: CVE-2026-34022
State: PUBLISHED
Assigner: SEC-VLab
Reserved: 2026-03-25 10:46 UTC
Published: 2026-06-15 10:02 UTC
Last updated: 2026-06-15 13:08 UTC
Primary CWE: CWE-321
CWE-321 Use of hard-coded cryptographic key
Vendor / Product: Wertheim GmbH / Wertheim SafeController Family 65000 Hardware for VAULT ROOMS (Safe Deposit Locker System - Microcontroller)
Sources: cve.org · NVD

Severity & Metrics

7.1 HIGH CVSS 4.0

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
Wertheim GmbH	Wertheim SafeController Family 65000 Hardware for VAULT ROOMS (Safe Deposit Locker System - Microcontroller)	—	Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319

Weakness (CWE)

CWE	Source	Description
CWE-321	cna	CWE-321 Use of hard-coded cryptographic key

CVSS scores (1)

Score	Severity	Version	Source	Vector
7.1	HIGH	4.0	cna	CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

References (2)