Description
The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can decrypt the data traffic. During reassessment, it was possible to break the encryption/decryption routine and decrypt messages without knowledge of the encryption key. It was also possible to gain knowledge about the encryption key by intercepting enough messages.
Published: 2026-06-15
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Wertheim SafeController Family 65000 uses a custom cryptographic algorithm with hard‑coded keys that protects controller communication. The weakness allows an attacker positioned between the controller and its communication interface to break the encryption and decrypt data streams. Interception of sufficient messages can also reveal key material, meaning the confidentiality of all traffic to and from the safe controller is compromised.

Affected Systems

Vulnerable devices are Wertheim GmbH’s SafeController Family 65000 hardware, specifically the Controller 65000 model with AssemblyVersion 6.11.8130.22319. These controllers are installed in vault rooms where safe deposit lockers communicate through a microcontroller.

Risk and Exploitability

The CVSS score of 7.1 reflects high severity, but the EPSS score is not available, indicating limited publicly known exploitation data. The vulnerability is not listed in the CISA KEV catalog. Exploitation would likely occur via an adversary‑in‑the‑middle position, where the attacker can access encrypted traffic. Because the vendor has stated the encryption cannot be improved due to hardware limitations and no patch is available, the risk remains unless mitigated operationally or by migrating to a supported system.

Generated by OpenCVE AI on June 15, 2026 at 13:52 UTC.

Remediation

Vendor Solution

No fix is available for this issue. The vendor stated that the encryption algorithm for Controller 65000 cannot be improved or fixed because of missing hardware support. Affected parties should assess the business risk and switch to a supported version if unsupported products are in use.


Vendor Workaround

Physically isolate all SafeController devices so that only authorized personnel can access them. Harden all connected systems that communicate with the controller, disable unnecessary services, and restrict access to authorized personnel only. Ensure that servers communicating with SafeController devices use strong, unique authentication credentials and are not accessible to unauthorized users. Maintain physical security of all interconnected components to prevent unauthorized access or tampering.


OpenCVE Recommended Actions

  • Assess the business risk and consider switching to a supported version or alternative system
  • Physically isolate SafeController devices so that only authorized personnel can access them
  • Harden connected systems: disable unnecessary services, enforce strong authentication, and restrict network access to the controllers

Advisories

No advisories yet.

History

Mon, 15 Jun 2026 13:30:00 +0000

Type | Values Removed | Values Added
References | |
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 15 Jun 2026 12:00:00 +0000

Type | Values Removed | Values Added
Description | | The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can decrypt the data traffic. During reassessment, it was possible to break the encryption/decryption routine and decrypt messages without knowledge of the encryption key. It was also possible to gain knowledge about the encryption key by intercepting enough messages.
Title | | Weak custom cryptography and hard-coded keys in Wertheim SafeController 65000 allow traffic decryption
Weaknesses | | CWE-321
References | |
Metrics | | cvssV4_0 {'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: SEC-VLab

Published:

Updated: 2026-06-15T13:08:17.437Z

Reserved: 2026-03-25T10:46:45.515Z

Link: CVE-2026-34022

Vulnrichment

Updated: 2026-06-15T13:08:03.596Z

NVD

Status: Received

Published: 2026-06-15T12:16:24.410

Modified: 2026-06-15T14:16:34.193

Link: CVE-2026-34022

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-15T14:00:12Z

Weaknesses
  • CWE-321: Use of Hard-coded Cryptographic Key