CVE-2026-34030
Deferred - Pending Action

Path Traversal in Wertheim SafeController Software

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: SEC Consult Vulnerability Lab

Description

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile pictures, and settings. An authenticated attacker with the settings_branches_manage privilege can include path traversal sequences in the branch code and influence the final filesystem location used by affected file operations. This can allow files to be stored in unintended locations, subject to service-account write permissions and branch-code length restrictions.

Meta Information

Published: 2026-06-15
Last Modified: 2026-06-15
Generated: 2026-07-05
AI Q&A: 2026-06-15
EPSS Evaluated: 2026-07-04

Affected Vendors & Products

Showing 1 associated CPE
Vendor: wertheim
Product: safecontroller
Version / Range: 6.15.8328.28014

Exploitability

CWE ID: CWE-73
Description: The product allows user input to control or influence paths or file names that are used in filesystem operations.

Compliance Impact

The vulnerability in Wertheim SafeController Software allows an authenticated attacker with specific privileges to perform path traversal via branch codes, potentially causing files to be stored in unintended filesystem locations. This could lead to unauthorized data access or modification.

Such unauthorized file storage and potential data exposure or manipulation may impact compliance with data protection regulations like GDPR or HIPAA, which require strict controls over data integrity, confidentiality, and access management.

However, the provided context and resources do not explicitly mention the direct impact of this vulnerability on compliance with these or other common standards and regulations.

Executive Summary

The vulnerability exists in Wertheim SafeController Software version 6.15.8328.28014, where the software does not properly validate the branch code when a new branch is created.

An authenticated attacker with the settings_branches_manage privilege can insert path traversal sequences into the branch code.

Because the branch code is used in multiple application functions, including generating filesystem paths for uploaded files, profile pictures, and settings, this flaw allows the attacker to influence where files are stored on the filesystem.

This can lead to files being stored in unintended locations, depending on the service account's write permissions and branch-code length restrictions.

Impact Analysis

This vulnerability can allow an attacker with certain privileges to manipulate file storage locations within the application.

By exploiting path traversal in the branch code, the attacker can cause files to be saved outside of intended directories.

This could lead to unauthorized file overwrites, data corruption, or storage of malicious files in sensitive locations, depending on the permissions of the service account.

Mitigation Strategies

To mitigate the vulnerability in Wertheim SafeController Software, it is recommended to apply the vendor-provided patch as soon as possible.

Additionally, a thorough security review of the product should be conducted to identify and resolve any other potential vulnerabilities.
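
The kind of check whose absence CWE-73 describes, as an added example that is not Wertheim's code or part of the original report: an allowlist applied when a branch code is accepted, a containment check when a path is built from it, and an audit of codes already stored. It is written in Python for illustration; the allowed pattern, the base directory and all function names are assumptions.

```python
import re
from pathlib import Path

# Assumed policy (hypothetical): branch codes are short identifiers with no
# path separators, dots or whitespace.
BRANCH_CODE_RE = re.compile(r"[A-Za-z0-9_-]{1,16}")


class InvalidBranchCode(ValueError):
    """Raised when a branch code or a derived path fails validation."""


def validate_branch_code(code):
    """Allowlist check, applied at the point where a branch is created."""
    if not isinstance(code, str) or not BRANCH_CODE_RE.fullmatch(code):
        raise InvalidBranchCode("rejected branch code: %r" % (code,))
    return code


def branch_path(base_dir, code, filename):
    """Build <base_dir>/<code>/<filename> and confirm it stays under base_dir.

    The branch code is re-validated here because it is reused by several
    file operations long after the branch was created.
    """
    base = Path(base_dir).resolve()
    candidate = (base / validate_branch_code(code) / Path(filename).name).resolve()
    if base not in candidate.parents:
        raise InvalidBranchCode("path escapes base directory: %s" % candidate)
    return candidate


def audit_branch_codes(codes):
    """Return stored branch codes that fail the policy, for review after patching."""
    return [c for c in codes if not BRANCH_CODE_RE.fullmatch(c)]


# Constructed sample data, not taken from any real installation.
SAMPLE_CODES = ["HQ01", "VIE-02", "..\\..\\x", "../tmp", "A/B", ""]

if __name__ == "__main__":
    print("codes needing review:", audit_branch_codes(SAMPLE_CODES))
    print("safe path:", branch_path("/srv/app/data", "HQ01", "logo.png"))
```

Running the audit over branch codes already stored shows whether any branch created before the fix still carries separators or dot sequences.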
