CVE-2026-34022 HIGH

CVE-2026-34022: Weak custom cryptography and hard-coded keys in Wertheim SafeController 65000 allow traffic decryption

Vendor Wertheim Gmbh
Product Wertheim SafeController Family 65000 Hardware for VAULT ROOMS (Safe Deposit Locker System - Microcontroller)
Weakness CWE-321
Published June 15, 2026
Last update June 15, 2026

CVSS base score

7.1/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can decrypt the data traffic. During reassessment, it was possible to break the encryption/decryption routine and decrypt messages without knowledge of the encryption key. It was also possible to gain knowledge about the encryption key by intercepting enough messages.

Key dates

02Disclosure timeline

June 15, 2026 CVE published
June 15, 2026 Record updated