Description
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket communication used by the SafeController WebMessageBroker. An authenticated attacker with valid low-privileged branch user credentials can manipulate WebSocket messages by specifying controller identifiers belonging to other branches. This allows the attacker to access restricted functions and resources in other branches, including activating boxes outside of the user's authorized branch.
Published: 2026-06-15
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in the WebSocket communication layer of Wertheim SafeController Software. An authenticated attacker who possesses low‑privileged branch credentials can alter WebSocket messages to reference controller identifiers belonging to other branches. This manipulation permits the attacker to invoke restricted functions, such as activating boxes, and to access resources that are not part of the user’s authorized branch. The weakness is an authorization flaw (CWE‑863) that does not grant code execution but directly undermines confidentiality and integrity of branch‑specific assets.

Affected Systems

The affected vendor is Wertheim GmbH and the product is Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System). The documented impacted build is AssemblyVersion 6.15.8328.28014; other releases may also be affected but are not explicitly listed.

Risk and Exploitability

The CVSS score of 7.1 indicates a moderate to high risk, although the flaw requires the attacker to be already authenticated with a branch account, limiting initial access. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. A potential attack path involves logging into the web application, connecting to the WebSocket endpoint, and submitting crafted messages that target controllers outside the attacker’s branch. Because the flaw is purely at the authorization layer, exploitation is relatively straightforward once authenticated, highlighting the need for rapid remediation.

Generated by OpenCVE AI on June 15, 2026 at 13:25 UTC.

Remediation

Vendor Solution

The vendor provides a patch which should be installed immediately. Specific fixed version information was not provided. Affected parties should contact the vendor to request the update.

Vendor Workaround

Restrict access to the SafeController web application and WebSocket interface to authorized users and trusted network locations only. Review user privileges and branch assignments. Monitor WebSocket activity for controller identifiers or branch identifiers that do not match the authenticated user's assigned branch. These measures should only be treated as interim risk reduction; the vendor-provided patch should be installed.

OpenCVE Recommended Actions

  • Apply the vendor’s patch as soon as it becomes available.
  • Restrict the SafeController web application and WebSocket interface to authorized users and trusted network locations, ensuring only necessary network segments can reach the endpoints.
  • Review and adjust user privileges and branch assignments to minimise the number of accounts that can manipulate WebSocket messages.
  • Monitor WebSocket traffic for controller or branch identifiers that do not match the authenticated user’s branch and investigate anomalous activity.

Generated by OpenCVE AI on June 15, 2026 at 13:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 15 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 15 Jun 2026 12:00:00 +0000

Type Values Removed Values Added
Description The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket communication used by the SafeController WebMessageBroker. An authenticated attacker with valid low-privileged branch user credentials can manipulate WebSocket messages by specifying controller identifiers belonging to other branches. This allows the attacker to access restricted functions and resources in other branches, including activating boxes outside of the user's authorized branch.
Title Broken WebSocket authorization in Wertheim SafeController Software allows cross-branch access to restricted functions
Weaknesses CWE-863
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: SEC-VLab

Published:

Updated: 2026-06-15T12:27:14.591Z

Reserved: 2026-03-25T10:46:45.515Z

Link: CVE-2026-34023

cve-icon Vulnrichment

Updated: 2026-06-15T12:26:43.352Z

cve-icon NVD

Status : Deferred

Published: 2026-06-15T12:16:24.563

Modified: 2026-06-15T21:05:18.653

Link: CVE-2026-34023

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-15T13:30:05Z

Weaknesses