CVE-2026-34023
Status: Deferred - Pending Action

Incorrect Authorization in Wertheim SafeController WebMessageBroker via WebSocket Manipulation

Vulnerability report for CVE-2026-34023, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: SEC Consult Vulnerability Lab

Description

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket communication used by the SafeController WebMessageBroker. An authenticated attacker with valid low-privileged branch user credentials can manipulate WebSocket messages by specifying controller identifiers belonging to other branches. This allows the attacker to access restricted functions and resources in other branches, including activating boxes outside of the user's authorized branch.
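The following is an added illustration of the CWE-863 pattern described above; it is not the product's code, and the message shape, field names, session model and controller registry are assumptions made for this example. A handler that only checks the user's permission for the requested action and then trusts the client-supplied controllerId is shown beside one that additionally resolves, on the server side, which branch owns that controller and compares it with the branch bound to the session:

```python
"""
CWE-863 in a WebSocket message handler: permission check present,
object-level (branch) check missing. Hypothetical protocol; the
message fields and the controller registry are assumptions.
"""
from dataclasses import dataclass
import json

# Constructed server-side registry: which branch owns each controller.
# In a real broker this would come from its configuration, never from
# anything the client sends.
CONTROLLER_BRANCH = {
    "CTRL-A-01": "branch-A",
    "CTRL-A-02": "branch-A",
    "CTRL-B-01": "branch-B",
}


@dataclass(frozen=True)
class Session:
    user: str
    branch: str             # branch the user was provisioned for
    permissions: frozenset  # actions the user's role allows


class AuthorizationError(Exception):
    pass


def activate_box(controller_id: str, box_id: int) -> dict:
    # Stand-in for the call that drives the physical controller.
    return {"result": "activated", "controller": controller_id, "box": box_id}


def handle_vulnerable(session: Session, raw: str) -> dict:
    """Checks that the user may perform the action, but accepts any
    controllerId from the message without asking which branch owns it."""
    msg = json.loads(raw)
    if msg["action"] not in session.permissions:
        raise AuthorizationError("action not permitted")
    return activate_box(msg["controllerId"], int(msg["boxId"]))


def handle_hardened(session: Session, raw: str) -> dict:
    """Same flow, plus the object-level check: the addressed controller
    must belong to the branch bound to the server-side session."""
    msg = json.loads(raw)
    if msg["action"] not in session.permissions:
        raise AuthorizationError("action not permitted")
    controller_id = msg["controllerId"]
    owner = CONTROLLER_BRANCH.get(controller_id)
    if owner is None:
        raise AuthorizationError("unknown controller")
    if owner != session.branch:
        raise AuthorizationError(
            f"{session.user} ({session.branch}) may not address "
            f"{controller_id} ({owner})")
    return activate_box(controller_id, int(msg["boxId"]))


# Constructed requests from a branch-A user: one naming a branch-B
# controller (the attack), one naming a controller in her own branch.
CROSS_BRANCH_MSG = json.dumps(
    {"action": "activateBox", "controllerId": "CTRL-B-01", "boxId": 7})
SAME_BRANCH_MSG = json.dumps(
    {"action": "activateBox", "controllerId": "CTRL-A-02", "boxId": 3})
BRANCH_A_USER = Session("alice", "branch-A", frozenset({"activateBox"}))


def demo() -> dict:
    out = {"vulnerable_cross_branch":
           handle_vulnerable(BRANCH_A_USER, CROSS_BRANCH_MSG)["result"]}
    try:
        handle_hardened(BRANCH_A_USER, CROSS_BRANCH_MSG)
        out["hardened_cross_branch"] = "activated"
    except AuthorizationError:
        out["hardened_cross_branch"] = "denied"
    out["hardened_same_branch"] = \
        handle_hardened(BRANCH_A_USER, SAME_BRANCH_MSG)["result"]
    return out


if __name__ == "__main__":
    print(demo())
```

The point of the hardened variant is that the branch comes from the session the server established at login, and the controller's owner from the server's own registry; a branch field carried in the message would be just as attacker-controlled as the controller identifier and must not be used for the decision.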

Meta Information

Published: 2026-06-15
Last Modified: 2026-06-15
Generated: 2026-07-05
AI Q&A: 2026-06-16
EPSS Evaluated: 2026-07-04

Affected Vendors & Products

Associated CPEs (2)

Vendor    Product                      Version / Range
wertheim  safecontroller               6.15.8328.28014
wertheim  safe_deposit_box_management  6.0

Exploitability

CWE-863 (Incorrect Authorization): The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Detection Guidance

The vulnerability is exploited by an authenticated, low-privileged branch user who sends WebSocket messages to the SafeController WebMessageBroker naming controller identifiers that belong to other branches. Detection therefore focuses on the WebSocket traffic itself: messages whose controller identifier resolves to a branch other than the sending user's, and sessions that address controllers in more than one branch.

To detect exploitation attempts, capture the WebSocket communication between clients and the broker and decode the frames:

  • Capture the broker's WebSocket traffic with tcpdump:
    tcpdump -i <interface> -w websocket_traffic.pcap port <websocket_port>
  • Decode the WebSocket frames from the capture with tshark:
    tshark -r websocket_traffic.pcap -Y "websocket" -V

Both commands only yield readable frames if the broker is reached over ws:// rather than wss://. Over TLS the capture contains ciphertext and must be decrypted before inspection (tshark can use a client-side session key log via -o tls.keylog_file:<path>), or the inspection must instead be done where the plaintext exists: in the broker's own logs or at a TLS-terminating proxy in front of it.

After capturing, correlate each message's controller identifier with the branch that owns that controller (from the broker's configuration) and with the branch of the user bound to the session that sent it. Any mismatch is an exploitation attempt, as is a single session addressing controllers in more than one branch.

Application and broker logs should also be reviewed for controller activations attributed to users of other branches. Note that because the vulnerable version performs the authorization check incorrectly rather than denying the request, a successful exploitation may leave no authorization failure in the logs at all, only a completed action in the wrong branch; alerting on the cross-branch relationship, not on denials, is what catches it.
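The cross-branch correlation described above, as an added example that is not part of this report or of the vendor's tooling. The record format (one entry per decoded text frame with the user resolved from its session), the controller-to-branch and user-to-branch mappings, the message field names and the sample frames are all constructed for this example; in practice the payloads would come from the tshark decode and the mappings from the broker's configuration and the user directory:

```python
"""
Flag WebSocket messages whose controller identifier belongs to a
branch other than the sending user's. All mappings, field names and
frames below are constructed for this example.
"""
import json
from collections import defaultdict

# Constructed: which branch owns each controller (broker configuration).
CONTROLLER_BRANCH = {
    "CTRL-A-01": "branch-A",
    "CTRL-A-02": "branch-A",
    "CTRL-B-01": "branch-B",
    "CTRL-B-02": "branch-B",
}

# Constructed: which branch each user is provisioned for (user directory).
USER_BRANCH = {"alice": "branch-A", "bob": "branch-B"}

# Constructed decoded frames: (epoch time, user owning the session, text payload).
SAMPLE_FRAMES = [
    (1749990001.1, "alice", '{"action":"status","controllerId":"CTRL-A-01"}'),
    (1749990002.4, "alice", '{"action":"activateBox","controllerId":"CTRL-A-02","boxId":3}'),
    (1749990003.0, "alice", '{"action":"activateBox","controllerId":"CTRL-B-01","boxId":7}'),
    (1749990003.5, "alice", '{"action":"activateBox","controllerId":"CTRL-B-02","boxId":1}'),
    (1749990004.2, "bob",   '{"action":"status","controllerId":"CTRL-B-01"}'),
    (1749990005.0, "bob",   'ping'),  # non-JSON keepalive, must be skipped
]


def _parse(payload: str):
    """Return the message dict, or None for frames that are not JSON objects."""
    try:
        msg = json.loads(payload)
    except ValueError:
        return None
    return msg if isinstance(msg, dict) else None


def find_cross_branch(frames):
    """Alerts for frames that address a controller outside the user's branch,
    or a controller the configuration does not know at all."""
    alerts = []
    for ts, user, payload in frames:
        msg = _parse(payload)
        if msg is None or "controllerId" not in msg:
            continue
        cid = msg["controllerId"]
        user_branch = USER_BRANCH.get(user)
        ctrl_branch = CONTROLLER_BRANCH.get(cid)
        if ctrl_branch is None:
            alerts.append({"ts": ts, "user": user, "controller": cid,
                           "action": msg.get("action"),
                           "reason": "unknown controller"})
        elif user_branch != ctrl_branch:
            alerts.append({"ts": ts, "user": user, "controller": cid,
                           "action": msg.get("action"),
                           "reason": f"user branch {user_branch} != "
                                     f"controller branch {ctrl_branch}"})
    return alerts


def branches_per_user(frames):
    """Distinct branches each user addressed; more than one is suspicious
    even before the ownership data is consulted."""
    seen = defaultdict(set)
    for _, user, payload in frames:
        msg = _parse(payload)
        if msg is None:
            continue
        branch = CONTROLLER_BRANCH.get(msg.get("controllerId"))
        if branch is not None:
            seen[user].add(branch)
    return {user: sorted(branches) for user, branches in seen.items()}


if __name__ == "__main__":
    for alert in find_cross_branch(SAMPLE_FRAMES):
        print(alert)
    print(branches_per_user(SAMPLE_FRAMES))
```

The second function is useful when the controller ownership data is not yet available to the analyst: a branch user whose single session touches controllers in two branches is already anomalous for this product, whichever branch turns out to be theirs.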

Executive Summary

The vulnerability in the Wertheim SafeController Software involves incorrect authorization in the WebSocket communication used by the SafeController WebMessageBroker.

An authenticated attacker with valid low-privileged branch user credentials can manipulate WebSocket messages by specifying controller identifiers belonging to other branches.

This manipulation allows the attacker to access restricted functions and resources in branches they are not authorized to access, including activating boxes outside their authorized branch.

The issue is reported as one of a series of vulnerabilities in the product which, chained together, could lead to remote code execution on the application's host with the privileges of the software.

Impact Analysis

This vulnerability can allow an attacker with low-privileged credentials to bypass authorization controls and access restricted functions and resources in other branches.

Such unauthorized access could lead to manipulation or activation of safe deposit boxes outside the attacker's authorized branch.

In combination with other vulnerabilities, this flaw could enable remote code execution on the host system, potentially compromising the entire application and its data.

This could result in significant security breaches, loss of control over safe deposit boxes, and exposure of sensitive customer information.

Mitigation Strategies

The vendor has provided a patch for the vulnerability; it should be installed immediately. Because the flaw lies in the broker's server-side authorization check, nothing configurable on the client side mitigates it.

Until the update is deployed, restrict network reachability of the WebMessageBroker's WebSocket endpoint to the hosts that need it and monitor the endpoint for cross-branch controller references as described under Detection Guidance. Since this issue is reported as part of a series that can be chained towards remote code execution, the fixes for the related issues should be applied at the same time, and a security review of the deployment is recommended to confirm that no other vulnerable versions remain.

Compliance Impact

The vulnerability in Wertheim SafeController software allows an attacker with low-privileged credentials to bypass authorization and access restricted functions and resources across branches. This unauthorized access could lead to exposure or manipulation of sensitive data managed by the system.

Such unauthorized access and potential data exposure may negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict access controls, data protection, and auditability to safeguard personal and sensitive information.

The report itself does not address specific compliance frameworks or regulatory requirements; the above is an inference from the nature of the access the flaw grants.
