CVE-2026-34029: CWE-321 Use of hard-coded cryptographic key in Wertheim GmbH Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System)
Wertheim SafeController Software version 6.15.8328.28014 contains a hard-coded cryptographic key within the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files could reverse engineer this DLL to extract the key. This key allows decryption of the licence.whs file, which holds sensitive licensing information and a secondary key to decrypt additional configuration files. This vulnerability is classified as CWE-321 and has a medium severity with a CVSS score of 6.8.
AI Analysis
Technical Summary
The vulnerability in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) involves the presence of a hard-coded cryptographic key embedded in the SafeSystem.Infrastructure.Security.dll. An attacker who can access the application files can reverse engineer the DLL to retrieve this key. The extracted key enables decryption of the licence.whs file, exposing sensitive licensing data and a secondary cryptographic key that can decrypt other configuration files. This exposure could compromise the confidentiality of licensing and configuration information within the Safe Deposit Locker System.
Potential Impact
The use of a hard-coded cryptographic key allows an attacker with local access to the application files to recover sensitive cryptographic material. This can lead to unauthorized decryption of licensing information and other protected configuration files, potentially undermining the security and integrity of the Safe Deposit Locker System's licensing and configuration management.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to application files to trusted personnel only to prevent reverse engineering. Monitor vendor communications for updates regarding patches or mitigations addressing this vulnerability.
CVE-2026-34029: CWE-321 Use of hard-coded cryptographic key in Wertheim GmbH Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System)
Description
Wertheim SafeController Software version 6.15.8328.28014 contains a hard-coded cryptographic key within the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files could reverse engineer this DLL to extract the key. This key allows decryption of the licence.whs file, which holds sensitive licensing information and a secondary key to decrypt additional configuration files. This vulnerability is classified as CWE-321 and has a medium severity with a CVSS score of 6.8.
CVSS v4.0
Score 6.8medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) involves the presence of a hard-coded cryptographic key embedded in the SafeSystem.Infrastructure.Security.dll. An attacker who can access the application files can reverse engineer the DLL to retrieve this key. The extracted key enables decryption of the licence.whs file, exposing sensitive licensing data and a secondary cryptographic key that can decrypt other configuration files. This exposure could compromise the confidentiality of licensing and configuration information within the Safe Deposit Locker System.
Potential Impact
The use of a hard-coded cryptographic key allows an attacker with local access to the application files to recover sensitive cryptographic material. This can lead to unauthorized decryption of licensing information and other protected configuration files, potentially undermining the security and integrity of the Safe Deposit Locker System's licensing and configuration management.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to application files to trusted personnel only to prevent reverse engineering. Monitor vendor communications for updates regarding patches or mitigations addressing this vulnerability.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- SEC-VLab
- Date Reserved
- 2026-03-25T10:46:45.516Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a2fe9540b89be6888e984f8
Added to database: 6/15/2026, 12:00:20 PM
Last enriched: 6/15/2026, 12:16:11 PM
Last updated: 6/15/2026, 1:14:49 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.