CVE-2026-34024
Status: Deferred - Pending Action

Missing Authorization in Wertheim SafeController Software

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: SEC Consult Vulnerability Lab

Description

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable. This allows the attacker to perform restricted actions such as switching the user's branch, uploading arbitrary files, downloading arbitrary files, and viewing details of arbitrary branches.

Meta Information

Published: 2026-06-15
Last Modified: 2026-06-15
Generated: 2026-07-05
AI Q&A: 2026-06-15
EPSS Evaluated: 2026-07-04

Affected Vendors & Products

Vendor: wertheim
Product: safecontroller
Version / Range: 6.15.8328.28014

CWE

CWE-862: The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Compliance Impact

The vulnerability in Wertheim SafeController Software allows an authenticated attacker with minimal privileges to access restricted endpoints and perform unauthorized actions such as switching user branches, uploading and downloading arbitrary files, and viewing sensitive branch details.

Such unauthorized access and potential data exposure could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict access controls and protection of sensitive data.

However, the provided context and resources do not explicitly discuss the direct impact of this vulnerability on compliance with these regulations.

Mitigation Strategies

The vendor has provided a patch for the vulnerability, which should be installed immediately to mitigate the risk.

Additionally, a thorough security review of the product is recommended to identify and resolve any additional potential vulnerabilities.

Executive Summary

The vulnerability in the Wertheim SafeController Software version 6.15.8328.28014 is due to missing authorization checks on multiple web application endpoints.

An authenticated attacker with minimal privileges can access hidden endpoints that are not visible in the frontend but are still directly reachable.

This unauthorized access allows the attacker to perform restricted actions such as switching the user's branch, uploading and downloading arbitrary files, and viewing details of arbitrary branches.

Impact Analysis

This vulnerability can have significant impacts including unauthorized access to sensitive data and system functions.

An attacker with minimal privileges can manipulate user branches, upload potentially malicious files, download confidential files, and view sensitive branch details.

Such actions could lead to data breaches, unauthorized data modification, and potential compromise of system integrity.
