Hard-coded cryptographic key in Wertheim SafeController Software allows decryption of...

6.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and recover the hard-coded cryptographic key. This key can be used to decrypt the licence.whs file, which contains sensitive information about the licensing party and a second key that can be used to decrypt other configuration files.

Basic Information

ID CVE-2026-34029

Source SEC-VLab

Published Jun 15, 2026 at 10:05

Affected Product

Vendor Wertheim GmbH

Product Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System)

Version Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014

Affected Versions Wertheim GmbH Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014

CWE Classification

CWE-321

References

{
    "lastseen": "",
    "description": "The\u00a0Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and recover the hard-coded cryptographic key. This key can be used to decrypt the licence.whs file, which contains sensitive information about the licensing party and a second key that can be used to decrypt other configuration files.",
    "published": "2026-06-15T10:05:13.770Z",
    "modified": "2026-06-15T10:05:13.770Z",
    "type": "cve",
    "title": "Hard-coded cryptographic key in Wertheim SafeController Software allows decryption of sensitive configuration data",
    "source": "SEC-VLab",
    "references": "https://wertheim-safes.com/safe-deposit-box-management/\nhttps://r.sec-consult.com/wertheim",
    "id": "CVE-2026-34029",
    "bulletinFamily": "",
    "cwe": [
        "CWE-321"
    ],
    "cvelist": null,
    "sourceData": "Wertheim GmbH Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014",
    "sourceHref": "",
    "cvss": {
        "score": 6.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System)",
    "version": "Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014",
    "vendor": "Wertheim GmbH",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Hard-coded cryptographic key in Wertheim SafeController Software allows decryption of sensitive configuration data_CVE-2026-34029