CVE-2026-34024
Received - Intake
Missing Authorization in Wertheim SafeController Software

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: SEC Consult Vulnerability Lab

Description
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable. This allows the attacker to perform restricted actions such as switching the user's branch, uploading arbitrary files, downloading arbitrary files, and viewing details of arbitrary branches.
Meta Information
Published: 2026-06-15
Last Modified: 2026-06-15
Generated: 2026-06-15
AI Q&A: 2026-06-15
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor Product Version / Range
wertheim safecontroller 6.15.8328.28014
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Executive Summary

The vulnerability in the Wertheim SafeController Software version 6.15.8328.28014 is due to missing authorization checks on multiple web application endpoints.

An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but are still directly reachable.

This unauthorized access allows the attacker to perform restricted actions such as switching the user's branch, uploading and downloading arbitrary files, and viewing details of arbitrary branches.

Impact Analysis

This vulnerability can lead to unauthorized access to sensitive data and system functions.

An attacker with minimal privileges can manipulate user branches, upload potentially malicious files, download confidential files, and view sensitive branch details.

Such actions could lead to data breaches, unauthorized data modification, and potential compromise of system integrity.
