Description
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile pictures, and settings. An authenticated attacker with the settings_branches_manage privilege can include path traversal sequences in the branch code and influence the final filesystem location used by affected file operations. This can allow files to be stored in unintended locations, subject to service-account write permissions and branch-code length restrictions.
Published: 2026-06-15
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability lies in insufficient validation of branch codes during branch creation in the Wertheim SafeController Software. An authenticated attacker who possesses the settings_branches_manage privilege can inject path traversal sequences into a branch code, causing the software to generate filesystem paths that point outside the intended directory tree. This flaw enables the attacker to store uploaded files, profile pictures, and configuration data in arbitrary locations on the system, potentially overwriting critical files or placing data where it can be accessed or retrieved by malicious actors. The impact is not purely denial of service; it allows unauthorized file writes and may facilitate persistence or further exploitation if the service account has write access to sensitive directories.

Affected Systems

Vendor: Wertheim GmbH. Product: Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System). Affected version: AssemblyVersion 6.15.8328.28014. The vendor has released a patch that should be applied immediately, but the exact fixed version was not disclosed. Users should contact the vendor directly to obtain the update.

Risk and Exploitability

The CVSS v4.0 base score for this issue is 6.9 (Medium). No EPSS score is available, and the vulnerability is currently not listed in the CISA KEV catalog. The flaw is exploitable only by authenticated users who hold the branch-management privilege, and it requires the attacker to supply a crafted branch code. Once those conditions are met, the attacker can influence where files are written, subject to the permissions of the service account and the length restrictions on branch codes. Exploitation does not involve remote code execution; however, unauthorized file placement could lead to exfiltration or privileged operations if the service account has elevated capabilities.

Generated by OpenCVE AI on June 15, 2026 at 13:21 UTC.

Remediation

Vendor Solution

The vendor provides a patch which should be installed immediately. Specific fixed version information was not provided. Affected parties should contact the vendor to request the update.


Vendor Workaround

Restrict branch-management privileges to trusted administrative users only. Validate branch codes on the server side using a strict allowlist of safe characters and reject path separators, traversal sequences, control characters, and other special characters. Ensure that filesystem paths are canonicalized and checked against an expected base directory before file operations are performed. Review service-account filesystem permissions so that the application can only write to required storage locations. These measures should only be treated as interim risk reduction; the vendor-provided patch should be installed.


OpenCVE Recommended Actions

  • Apply the vendor’s patch as soon as the fixed version becomes available; contact Wertheim GmbH to obtain the update.
  • Limit the settings_branches_manage privilege to trusted administrative accounts only, removing it from any broader user groups.
  • Implement server‑side validation of branch codes: enforce a strict allowlist of safe characters, reject path separators, traversal sequences, control characters, and other special symbols.
  • Canonicalize any filesystem paths derived from branch codes and verify that the resulting path remains within the expected base directory before performing file operations.
  • Review and restrict the filesystem permissions granted to the service account so that it can write only to the directories required for normal operation.
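The three validation-related actions above (strict allowlist, canonicalization, base-directory containment check) can be illustrated in a few lines. The following is an added example written for this page; it is not code from Wertheim or from the SafeController product. The allowlist policy (letters, digits, hyphen, underscore, at most 32 characters), the storage root and the sample branch codes are all assumptions constructed for the demonstration. The naive path builder is included only to show why the containment check is needed.

```python
import os
import re
from pathlib import Path

# Assumed policy for this example: branch codes are 1-32 characters drawn from
# letters, digits, hyphen and underscore. Everything else (path separators,
# '..', control characters, whitespace, Unicode) fails the allowlist, so no
# separate denylist has to be maintained or bypassed.
BRANCH_CODE_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")


def validate_branch_code(code: str) -> bool:
    """Return True only if the whole string matches the allowlist."""
    return BRANCH_CODE_RE.fullmatch(code) is not None


def naive_branch_path(base_dir: str, code: str, subdir: str) -> str:
    """Path construction WITHOUT validation or containment, for comparison only.

    A code containing traversal sequences moves the result outside base_dir,
    which is the defect class (CWE-73) the advisory describes.
    """
    return os.path.normpath(os.path.join(base_dir, code, subdir))


def resolve_branch_path(base_dir: str, code: str, subdir: str) -> str:
    """Build <base_dir>/<code>/<subdir> and prove it stays under base_dir.

    Raises ValueError for an invalid code or for a resolved path that escapes
    the storage root. The containment check is defence in depth: it still
    holds if the allowlist is later relaxed by mistake.
    """
    if not validate_branch_code(code):
        raise ValueError(f"rejected branch code: {code!r}")
    base = Path(base_dir).resolve()          # canonical, symlinks collapsed
    candidate = (base / code / subdir).resolve()
    # commonpath raises ValueError for paths on different drives (Windows),
    # which is itself a correct rejection.
    if os.path.commonpath([str(base), str(candidate)]) != str(base):
        raise ValueError(f"path escapes storage root: {candidate}")
    return str(candidate)


def is_safe_branch_path(base_dir: str, code: str, subdir: str) -> bool:
    """Boolean wrapper around resolve_branch_path for callers and tests."""
    try:
        resolve_branch_path(base_dir, code, subdir)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs; the storage root need not exist.
    root = "/tmp/safecontroller-storage"
    for sample in ["HQ-01", "branch_7", "../../etc", "..\\..\\windows", "a\x00b"]:
        print(f"{sample!r:20} naive -> {naive_branch_path(root, sample, 'uploads')}")
        print(f"{'':20} safe  -> {is_safe_branch_path(root, sample, 'uploads')}")
```

Note that the allowlist alone would already stop every traversal form in the advisory; the containment check exists so that a future change to the allowlist (for example, permitting a dot) cannot silently reopen the issue, and it should sit immediately before every file operation that uses the path, not only at branch creation time.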

Generated by OpenCVE AI on June 15, 2026 at 13:21 UTC.


Advisories

No advisories yet.

History

Mon, 15 Jun 2026 13:30:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 15 Jun 2026 12:00:00 +0000

Type: Description
Values Added: The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile pictures, and settings. An authenticated attacker with the settings_branches_manage privilege can include path traversal sequences in the branch code and influence the final filesystem location used by affected file operations. This can allow files to be stored in unintended locations, subject to service-account write permissions and branch-code length restrictions.
Type: Title
Values Added: Improper branch-code validation in Wertheim SafeController Software allows file path manipulation
Type: Weaknesses
Values Added: CWE-73
Type: References
Values Added: (none)
Type: Metrics
Values Added: cvssV4_0
{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: SEC-VLab

Published:

Updated: 2026-06-15T12:32:07.939Z

Reserved: 2026-03-25T10:46:45.516Z

Link: CVE-2026-34030

Vulnrichment

Updated: 2026-06-15T12:32:02.421Z

NVD

Status: Received

Published: 2026-06-15T12:16:25.633

Modified: 2026-06-15T12:16:25.633

Link: CVE-2026-34030

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-15T13:30:05Z

Weaknesses
  • CWE-73

    External Control of File Name or Path