CVE Catalog

CVE-2026-34021

HighCVSS 8.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

9th percentile - higher than 9% of all known CVEs

Summary

The Wertheim SafeController 5400 (AssemblyVersion 6.11.8130.22320) uses RS-485 communication between the server and the microcontroller without cryptographic protection. An attacker with access to the communication path can sniff and replay RS-485 messages.

Risk Assessment

The lack of cryptographic protection exposes the system to attacks that can lead to message spoofing, such as deactivating the safe alarm, posing a serious security threat.

Recommendation

It is recommended to implement cryptographic protection for RS-485 communication and to monitor access to communication paths to minimize risk.

Original NVD description (English source)

The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320, uses RS-485 communication between the server and the microcontroller without cryptographic protection. An attacker with access to the communication path between the server and the microcontroller can sniff RS-485 messages and replay previously observed messages. This can be used, for example, to spoof a "quit alarm" message and continuously deactivate the safe alarm.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS