PatchSiren


CVE-2026-34021 Wertheim GmbH CVE debrief

The Wertheim SafeController 5400 (Controller 5400 - AssemblyVersion 6.11.8130.22320) uses RS-485 communication between the server and the microcontroller without cryptographic protection. An attacker with access to the communication path can therefore sniff RS-485 messages and replay previously observed ones. Such a replay can be used to spoof a 'quit alarm' message, effectively and continuously deactivating the safe alarm.

Vendor: Wertheim GmbH
Product: Wertheim SafeController 5400 Hardware for VAULT ROOMS (Safe Deposit Locker System - Microcontroller)
CVSS: HIGH 8.6
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-15
Original CVE updated: 2026-06-15
Advisory published: 2026-06-15
Advisory updated: 2026-06-15

Who should care

Organizations and individuals using the Wertheim SafeController 5400, specifically those with Controller 5400 - AssemblyVersion 6.11.8130.22320, should be aware of this vulnerability as it can be exploited to compromise the security of their safe alarm systems.

Technical summary

The RS-485 link between the server and the microcontroller carries messages without cryptographic protection, so messages on it can be eavesdropped and replayed. The CVSS score for this vulnerability is 8.6, indicating a high severity level.

Defensive priority

High

Recommended defensive actions

  • Implement cryptographic protection for RS-485 communication between the server and the microcontroller.
  • Restrict access to the communication path between the server and the microcontroller to prevent unauthorized sniffing and replaying of messages.
  • Regularly update and patch the Controller 5400 to the latest version if available.
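
One way to realise the first recommendation, shown as an added example that is not Wertheim's code or protocol: each frame carries a monotonic counter and a truncated HMAC-SHA256 tag, and the receiver drops any frame whose tag fails or whose counter is not newer than the last accepted one. The frame layout, the pre-shared key, the tag length and the `CMD_QUIT_ALARM` value are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16                      # assumed: HMAC-SHA256 truncated to 16 bytes
HDR = struct.Struct(">QBB")       # assumed layout: counter(8) | cmd(1) | len(1)
CMD_QUIT_ALARM = 0x21             # hypothetical command code, not the vendor's

def seal(key: bytes, counter: int, cmd: int, payload: bytes = b"") -> bytes:
    """Server side: build header | payload | tag for one RS-485 message."""
    header = HDR.pack(counter, cmd, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag

class Receiver:
    """Microcontroller side: authenticate each frame and reject replays."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0     # a real device must persist this across resets

    def accept(self, frame: bytes):
        """Return (cmd, payload) for a fresh, authentic frame, else None."""
        if len(frame) < HDR.size + TAG_LEN:
            return None           # too short to hold header and tag
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None           # forged or corrupted frame
        counter, cmd, length = HDR.unpack(body[:HDR.size])
        if length != len(body) - HDR.size:
            return None           # declared length does not match the frame
        if counter <= self.last_counter:
            return None           # previously observed frame: replay
        self.last_counter = counter
        return cmd, body[HDR.size:]

def demo():
    """Run constructed frames through the receiver and return the verdicts."""
    key = bytes(range(32))        # constructed sample key
    rx = Receiver(key)
    frame = seal(key, 1, CMD_QUIT_ALARM)
    first = rx.accept(frame)      # fresh frame is accepted
    replay = rx.accept(frame)     # same bytes sent again are dropped
    bad = seal(key, 2, CMD_QUIT_ALARM)
    tampered = rx.accept(bad[:-1] + bytes([bad[-1] ^ 1]))
    nxt = rx.accept(seal(key, 2, CMD_QUIT_ALARM))
    return first, replay, tampered, nxt
```

The tag and counter stop replay and forgery but do not hide message contents from someone on the bus, so restricting access to the communication path remains necessary.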

Evidence notes

The CVE record was obtained from the official CVE.org website. Additional information was derived from the NVD detail page and source references provided.

Official resources

CVE-2026-34021 was published and modified on 2026-06-15T12:16:24.230Z.