CVE-2026-34021
Description
Wertheim SafeController 5400 uses unencrypted RS-485 communication, allowing attackers to sniff and replay messages such as 'quit alarm' to disable safe alarms.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Wertheim SafeController 5400 (also known as Controller 5400, AssemblyVersion 6.11.8130.22320) lacks cryptographic protection for RS-485 serial communication between the server and the microcontroller. This design flaw allows any attacker with access to the communication path to intercept and replay arbitrary protocol messages. The device is marked as end-of-life (EOL) by the vendor [1].
Exploitation
An attacker must gain physical or logical access to the RS-485 bus connecting the server and the microcontroller. This could be achieved through an already-compromised server or by tapping the wiring directly. Once in position, the attacker can passively sniff all messages and later replay previously observed messages, such as a 'quit alarm' command [1].
Impact
Successful exploitation enables the attacker to spoof a 'quit alarm' message, continuously deactivating the safe alarm system. This undermines the security of the safe deposit locker system, potentially allowing unauthorized access without triggering an alarm. The impact is limited to the SafeController 5400 product line [1].
Mitigation
The SafeController 5400 is marked as end-of-life (EOL) by the vendor, and no patched firmware will be provided. Users are advised to assess the business risk and migrate to a supported product line, such as the SafeController 65000, though that line also has known weaknesses [1]. No workaround is available from the vendor. The CVE is not listed in the known exploited vulnerabilities (KEV) catalog as of publication.
AI Insight generated on Jun 15, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
- Range: = 6.11.8130.22320
Patches (0)
No patches discovered yet.
Vulnerability mechanics
Root cause
"The serial RS-485 communication between the microcontroller and the server is not cryptographically protected, allowing message sniffing and replay."
Attack vector
An attacker who has already compromised the server or is able to capture the traffic between the server and the microcontroller can sniff RS-485 messages because the serial communication lacks cryptographic protection [ref_id=1]. The attacker can then replay previously observed messages, for example to spoof a 'quit alarm' message and continuously deactivate the safe alarm [ref_id=1]. The attack requires physical or logical access to the RS-485 communication path between the server and the microcontroller [ref_id=1].
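The sniff-and-replay sequence described in the Exploitation and Attack vector sections, beside the framing that would have defeated it, as an added example. This is not the SafeController 5400's protocol or the vendor's code: the frame layout, opcodes, addresses and shared key are hypothetical, chosen only to make the two behaviours concrete. The unprotected controller accepts any well-formed frame, so a frame recorded once on the bus silences the alarm again on replay; the hardened controller binds each frame to a monotonic counter under an HMAC, so the same recorded bytes are rejected and an attacker without the key cannot mint a fresh one.

```python
"""Replay on an unauthenticated serial link versus a counter-plus-MAC framing.

Added illustration only. Everything below (opcodes, address byte, key, frame
layout) is an assumption for the demo, not the SafeController 5400 protocol.
"""
import hashlib
import hmac
import struct

# Hypothetical opcodes for the demo (not from any vendor document).
OP_ALARM_ON = 0x01
OP_QUIT_ALARM = 0x02
ADDR = 0x10  # hypothetical bus address of the microcontroller


def legacy_frame(opcode: int) -> bytes:
    """Unprotected frame: address, opcode, 8-bit checksum. No key, no freshness."""
    body = bytes([ADDR, opcode])
    return body + bytes([sum(body) & 0xFF])


class LegacyController:
    """Microcontroller side of the unprotected link: any well-formed frame is obeyed."""

    def __init__(self) -> None:
        self.alarm_active = True

    def handle(self, frame: bytes) -> bool:
        if len(frame) != 3 or (sum(frame[:2]) & 0xFF) != frame[2]:
            return False  # malformed; the only check the link offers
        if frame[1] == OP_QUIT_ALARM:
            self.alarm_active = False
        elif frame[1] == OP_ALARM_ON:
            self.alarm_active = True
        return True


def replay_against_legacy() -> tuple:
    """Attacker taps the bus, records one legitimate 'quit alarm', replays it later."""
    ctrl = LegacyController()
    captured = legacy_frame(OP_QUIT_ALARM)  # seen once on the wire (constructed)
    ctrl.handle(captured)                   # operator legitimately silences the alarm
    ctrl.handle(legacy_frame(OP_ALARM_ON))  # later, the alarm trips again
    accepted = ctrl.handle(captured)        # attacker replays the recorded bytes
    return accepted, ctrl.alarm_active      # (True, False): replay silenced it


# --- hardened framing: monotonic counter authenticated by a shared key ---------
KEY = b"hypothetical-shared-key"  # assumption: provisioned out of band to both ends


def authed_frame(opcode: int, counter: int, key: bytes = KEY) -> bytes:
    """address | opcode | 4-byte big-endian counter | 16-byte truncated HMAC-SHA256."""
    body = bytes([ADDR, opcode]) + struct.pack(">I", counter)
    tag = hmac.new(key, body, hashlib.sha256).digest()[:16]
    return body + tag


class AuthedController:
    """Rejects forged frames (bad tag) and replayed frames (counter not increasing)."""

    def __init__(self, key: bytes = KEY) -> None:
        self.key = key
        self.last_counter = -1  # must be persisted across reboots in a real device
        self.alarm_active = True

    def handle(self, frame: bytes) -> bool:
        if len(frame) != 22:
            return False
        body, tag = frame[:6], frame[6:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:16]
        if not hmac.compare_digest(tag, expected):
            return False  # no key: cannot forge
        counter = struct.unpack(">I", body[2:6])[0]
        if counter <= self.last_counter:
            return False  # already seen: replay
        self.last_counter = counter
        if body[1] == OP_QUIT_ALARM:
            self.alarm_active = False
        elif body[1] == OP_ALARM_ON:
            self.alarm_active = True
        return True


def replay_against_authed() -> tuple:
    """Same capture-and-replay sequence against the counter-plus-MAC controller."""
    ctrl = AuthedController()
    captured = authed_frame(OP_QUIT_ALARM, counter=1)
    ctrl.handle(captured)                         # legitimate, counter 1 accepted
    ctrl.handle(authed_frame(OP_ALARM_ON, counter=2))
    accepted = ctrl.handle(captured)              # counter 1 again: rejected
    forged = ctrl.handle(authed_frame(OP_QUIT_ALARM, counter=3, key=b"guess"))
    return accepted, forged, ctrl.alarm_active    # (False, False, True)
```

Two caveats a practitioner would want: the counter only prevents replay if the microcontroller stores the last accepted value in non-volatile memory, otherwise a power cycle reopens the window; and a MAC gives integrity and freshness, not confidentiality, so the 'quit alarm' opcode is still readable on the bus, which matters if an attacker can pair observation with a physical attack on the locker.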
What the fix does
The affected SafeController 5400 is marked as end-of-life (EOL), and the vendor states that no patches will be provided [ref_id=1]. The advisory recommends assessing the business risk and switching to a supported version if any EOL products are used [ref_id=1]. No code-level fix is available because the hardware is no longer supported.
Preconditions
- network: The attacker must have access to the RS-485 communication path between the server and the microcontroller.
- input: The attacker must be able to capture (sniff) RS-485 messages.
Generated on Jun 15, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (3)
News mentions (0)
No linked articles in our index yet.