CVE-2026-34021

CVE Database · CVE-2026-34021

CVE-2026-34021

· N/AReceived

CVSS v3.1

N/A

CVSS v4.0

8.6

EPSS

0.20%

Published

Jun 15, 2026

Modified

Jun 15, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320, uses RS-485 communication between the server and the microcontroller without cryptographic protection. An attacker with access to the communication path between the server and the microcontroller can sniff RS-485 messages and replay previously observed messages. This can be used, for example, to spoof a "quit alarm" message and continuously deactivate the safe alarm.

Weaknesses (CWE)

CWE-294

References (3)

https://r.sec-consult.com/wertdev

https://wertheim-safes.com/safe-deposit-boxes/

https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-wertheim-safecontroller-hardware-for-vault-rooms-safe-deposit-locker-system-microcontroller/

KEV Catalog EPSS Scores Vendors All CVEs