Description
The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can decrypt the data traffic. During reassessment, it was possible to break the encryption/decryption routine and decrypt messages without knowledge of the encryption key. It was also possible to gain knowledge about the encryption key by intercepting enough messages.
CVSS breakdown
CVSS 4.0
Attack Vector
Adjacent
Attack Complexity
Low
Attack Requirements
None
Privileges Required
None
User Interaction
None
Confidentiality (Vulnerable System)
High
Integrity (Vulnerable System)
None
Availability (Vulnerable System)
None
Confidentiality (Subsequent System)
None
Integrity (Subsequent System)
None
Availability (Subsequent System)
None
Affected products
- Wertheim GmbH / Wertheim SafeController Family 65000 Hardware for VAULT ROOMS (Safe Deposit Locker System - Microcontroller)Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319 – Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319