CVE-2026-34028
Deferred - Pending Action

Unauthenticated File Access in Wertheim SafeController Software

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: SEC Consult Vulnerability Lab

Description

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization scheme. An unauthenticated attacker can directly access HTTP endpoints to download files from locations such as /Resources/CompanyId_[ID]/Audio/ and /SafeData/.

Meta Information

Published: 2026-06-15
Last Modified: 2026-06-15
Generated: 2026-07-05
AI Q&A: 2026-06-15
EPSS Evaluated: 2026-07-04

Affected Vendors & Products

1 associated CPE:
Vendor: wertheim
Product: safecontroller
Version / Range: 6.15.8328.28014

Exploitability

CWE ID: CWE-425
Description: The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

Mitigation Strategies

Immediate mitigation steps include restricting access to the exposed HTTP endpoints by implementing proper authorization controls to prevent unauthenticated access.

Additionally, applying any available patches or updates from the vendor is critical to address this and related vulnerabilities.

A thorough security review of the product is recommended to identify and resolve other potential issues.

Executive Summary

The vulnerability in the Wertheim SafeController Software version 6.15.8328.28014 allows an unauthenticated attacker to access certain web-accessible file paths without any authorization. This means that anyone can directly reach HTTP endpoints and download files from specific directories such as /Resources/CompanyId_[ID]/Audio/ and /SafeData/ without needing to log in or have permissions.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of potentially sensitive files stored in the exposed directories. Since no authentication is required, attackers can freely download files, which might include confidential company data or other sensitive information. This can result in data breaches, loss of confidentiality, and potential misuse of the exposed data.

Compliance Impact

The vulnerability in Wertheim SafeController Software allows unauthenticated attackers to access web-accessible file paths without authorization, potentially exposing sensitive data. Such unauthorized data exposure can lead to non-compliance with data protection regulations like GDPR and HIPAA, which require strict controls on access to personal and sensitive information.

Since the software is used in financial institutions and manages sensitive safe deposit box information, this vulnerability could compromise confidentiality and audit requirements mandated by standards such as ISO 27001:2022, which is referenced as a certified quality standard for the software.

Therefore, failure to address this vulnerability may result in violations of regulatory requirements related to data privacy, access control, and audit transparency.

Detection Guidance

This vulnerability involves unauthorized access to web-accessible file paths without authentication. To detect it on your network or system, you can attempt to access the exposed HTTP endpoints directly to see if files can be downloaded without authorization.

  • Use curl or wget to request the vulnerable paths (replace <target> with the host and [ID] with a company ID from your own deployment), for example:
      curl -I "http://<target>/Resources/CompanyId_[ID]/Audio/"
      curl -I "http://<target>/SafeData/"

If these commands return HTTP 200 responses and allow file downloads without authentication, the vulnerability is present.
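
A complementary server-side check, as an added example that is not part of the original report: it scans web-server access logs for successful anonymous requests to the two paths named in the description. It assumes W3C extended log format with the fields shown; the log lines, file names and IP addresses are constructed.

```python
import re
from collections import defaultdict

# Paths named in the CVE description; [ID] is matched as any single path segment.
EXPOSED = re.compile(r"^/(Resources/CompanyId_[^/]+/Audio|SafeData)/", re.IGNORECASE)

# Constructed sample (assumed W3C extended logging, documentation-range IPs).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2026-06-20 08:01:12 192.0.2.10 - GET /Login.aspx 200
2026-06-20 08:02:40 198.51.100.7 - GET /SafeData/export.xml 200
2026-06-20 08:02:41 198.51.100.7 - GET /Resources/CompanyId_12/Audio/greeting.wav 206
2026-06-20 08:03:05 192.0.2.10 operator1 GET /SafeData/export.xml 200
2026-06-20 08:03:30 203.0.113.5 - GET /SafeData/export.xml 401
2026-06-20 08:04:00 203.0.113.5 - GET /Resources/CompanyId_12/Logo.png 200
"""


def anonymous_hits(log_text):
    """Return {client_ip: [uri, ...]} for successful anonymous requests to exposed paths."""
    fields, hits = [], defaultdict(list)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order comes from the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # 2xx covers 200 and 206 (ranged downloads of media files).
        served = row.get("sc-status", "").startswith("2")
        anonymous = row.get("cs-username", "-") == "-"
        if served and anonymous and EXPOSED.match(row.get("cs-uri-stem", "")):
            hits[row.get("c-ip", "unknown")].append(row["cs-uri-stem"])
    return dict(hits)


if __name__ == "__main__":
    for ip, uris in anonymous_hits(SAMPLE_LOG).items():
        print(ip, len(uris), uris)
```

If the deployment does not record the authenticated user in cs-username, every request appears anonymous, so hits should then be correlated with session data before being treated as unauthorized access.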
