CVE-2026-34029
Received - Intake
Hard-Coded Cryptographic Key in Wertheim SafeController Software

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: SEC Consult Vulnerability Lab

Description
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and recover the hard-coded cryptographic key. This key can be used to decrypt the licence.whs file, which contains sensitive information about the licensing party and a second key that can be used to decrypt other configuration files.
Meta Information
Published: 2026-06-15
Last Modified: 2026-06-15
Generated: 2026-06-15
AI Q&A: 2026-06-15
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wertheim safecontroller 6.15.8328.28014
CWE ID Description
CWE-321 The product uses a hard-coded, unchangeable cryptographic key.
Executive Summary

The vulnerability exists in the Wertheim SafeController Software, specifically in the SafeSystem.Infrastructure.Security.dll component. It contains a hard-coded cryptographic key. An attacker who has access to the application files can reverse engineer this DLL to extract the hard-coded key.

This key can then be used to decrypt the licence.whs file, which holds sensitive information about the licensing party and another key. This second key can be used to decrypt other configuration files, potentially exposing more sensitive data.

Compliance Impact

The vulnerability involves a hard-coded cryptographic key that can be extracted by an attacker to decrypt sensitive licensing information and configuration files. This exposure of sensitive data could potentially lead to non-compliance with data protection standards such as GDPR or HIPAA, which require adequate protection of sensitive information through strong cryptographic controls.

However, the information available for this CVE does not explicitly mention the impact on compliance with specific standards or regulations.

Mitigation Strategies

The vulnerability involves a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component of Wertheim SafeController Software. To mitigate this vulnerability, immediate steps include restricting access to the application files to prevent attackers from reverse engineering the DLL and recovering the key.

Additionally, it is recommended to perform a thorough security review of the product to identify and resolve potential vulnerabilities.

Although no specific patch details are provided for this CVE, similar vulnerabilities in Wertheim SafeController software have vendor patches available, so checking for and applying any vendor updates or patches is advised.

Impact Analysis

If exploited, this vulnerability allows an attacker to access sensitive licensing information and potentially other confidential configuration data by decrypting protected files using the recovered cryptographic keys.

This could lead to unauthorized disclosure of sensitive information, compromise of software licensing integrity, and possibly further exploitation depending on the nature of the decrypted configuration files.
