CVE-2026-34021
HighCVSS 8.6Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
The Wertheim SafeController 5400 (AssemblyVersion 6.11.8130.22320) uses RS-485 communication between the server and the microcontroller without cryptographic protection. An attacker with access to the communication path can sniff and replay RS-485 messages.
Risk Assessment
The lack of cryptographic protection exposes the system to attacks that can lead to message spoofing, such as deactivating the safe alarm, posing a serious security threat.
Recommendation
It is recommended to implement cryptographic protection for RS-485 communication and to monitor access to communication paths to minimize risk.
Original NVD description (English source)
The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320, uses RS-485 communication between the server and the microcontroller without cryptographic protection. An attacker with access to the communication path between the server and the microcontroller can sniff RS-485 messages and replay previously observed messages. This can be used, for example, to spoof a "quit alarm" message and continuously deactivate the safe alarm.

