← back
CVE-2026-34021

Lack of cryptographic protection in Wertheim SafeController 5400 enables RS-485 message sniffing and replay

CVSS 8.6 HIGHEPSS 0.2%CWE-294
Vexday Risk Score
41Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 8.6EPSS 0.2%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
15 Jun 2026Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320, uses RS-485 communication between the server and the microcontroller without cryptographic protection. An attacker with access to the communication path between the server and the microcontroller can sniff RS-485 messages and replay previously observed messages. This can be used, for example, to spoof a "quit alarm" message and continuously deactivate the safe alarm.
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected products
Wertheim GmbH · Wertheim SafeController 5400 Hardware for VAULT ROOMS (Safe Deposit Locker System - Microcontroller)
public PoCs found1
cve_referencesec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-wertheim-safecontroller-hardware-for-vault-rooms-safe-deposit-locker-system-microcontroller/unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://r.sec-consult.com/wertdevhttps://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-wertheim-safecontroller-hardware-for-vault-rooms-safe-deposit-locker-system-microcontroller/https://wertheim-safes.com/safe-deposit-boxes/