CVE-2026-34022— Weak custom cryptography and hard-coded keys in Wertheim SafeController 65000 allow traffic decryption
Possible ATT&CK Techniques 1AI
T1530 · Data from Cloud StorageAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Wertheim GmbH | Wertheim SafeController Family 65000 Hardware for VAULT ROOMS (Safe Deposit Locker System - Microcontroller) | Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-34022
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Weak custom cryptography and hard-coded keys in Wertheim SafeController 65000 allow traffic decryption
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can decrypt the data traffic. During reassessment, it was possible to break the encryption/decryption routine and decrypt messages without knowledge of the encryption key. It was also possible to gain knowledge about the encryption key by intercepting enough messages.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用硬编码的密码学密钥
Source: NVD (National Vulnerability Database)
Vulnerability Title
Wertheim SafeController Family 65000 Hardware for VAULT ROOMS 加密问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Wertheim SafeController Family 65000 Hardware for VAULT ROOMS是Wertheim公司的一款用于保险库房间的保险箱锁系统微控制器硬件。 Wertheim SafeController Family 65000 Hardware for VAULT ROOMS 6.11.8130.22319版本存在加密问题漏洞,该漏洞源于使用弱自定义加密算法和硬编码加密密钥,可能导致中间人攻击者解密数据流量,并通过拦截足够消息获取加密密钥。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Wertheim GmbH | Wertheim SafeController Family 65000 Hardware for VAULT ROOMS (Safe Deposit Locker System - Microcontroller) | Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319 | - |
II. Public POCs for CVE-2026-34022
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-34022
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-34022 (1)
Same Patch Batch · Wertheim GmbH · 2026-06-15 · 10 CVEs total
| CVE-2026-34024 | Missing authorization checks in Wertheim SafeController Software allow low-privileged user | |
| CVE-2026-34028 | Unauthenticated direct access to web data in Wertheim SafeController Software exposes file | |
| CVE-2026-34029 | Hard-coded cryptographic key in Wertheim SafeController Software allows decryption of sens | |
| CVE-2026-34025 | IP restriction bypass in Wertheim SafeController Software allows logins from unauthorized | |
| CVE-2026-34026 | Path traversal in Wertheim SafeController Software allows authenticated users to download | |
| CVE-2026-34027 | Upload restriction bypass in Wertheim SafeController Software allows authenticated users t | |
| CVE-2026-34021 | Lack of cryptographic protection in Wertheim SafeController 5400 enables RS-485 message sn | |
| CVE-2026-34030 | Improper branch-code validation in Wertheim SafeController Software allows file path manip | |
| CVE-2026-34023 | Broken WebSocket authorization in Wertheim SafeController Software allows cross-branch acc |
IV. Related Vulnerabilities
Same vendor: Wertheim GmbH
- CVE-2026-34030
Improper branch-code validation in Wertheim SafeController S - CVE-2026-34029
Hard-coded cryptographic key in Wertheim SafeController Soft - CVE-2026-34028
Unauthenticated direct access to web data in Wertheim SafeCo - CVE-2026-34027
Upload restriction bypass in Wertheim SafeController Softwar - CVE-2026-34026
Path traversal in Wertheim SafeController Software allows au
Same weakness: CWE-321
- CVE-2026-54833
WordPress Enable CORS plugin <= 2.0.3 - Backdoor vulnerabili - CVE-2026-9220
Setracker2 Children's Smartwatch Ecosystem Use of hard-coded - CVE-2026-35019
NetComm NF20MESH < R6B032 Hardcoded AES Key Authentication B - CVE-2026-9260
佳能EOS网络设置工具V1.5.0前硬编码密钥漏洞 - CVE-2026-34029
Hard-coded cryptographic key in Wertheim SafeController Soft
V. Comments for CVE-2026-34022
No comments yet