{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-34021/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-15T13:10:40.668Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-34021","@id":"https://www.cve.org/CVERecord?id=CVE-2026-34021","description":"The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320, uses RS-485 communication between the server and the microcontroller without cryptographic protection. An attacker with access to the communication path between the server and the microcontroller can sniff RS-485 messages and replay previously observed messages. This can be used, for example, to spoof a \"quit alarm\" message and continuously deactivate the safe alarm."},"products":[{"@id":"cpe:2.3:a:wertheim_gmbh:wertheim_safecontroller_5400_hardware_for_vault_rooms_\\(safe_deposit_locker_system_-_microcontroller\\):wertheim_safecontroller_5400\\,_controller_5400_-_assemblyversion_6.11.8130.22320:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:wertheim_gmbh:wertheim_safecontroller_5400_hardware_for_vault_rooms_\\(safe_deposit_locker_system_-_microcontroller\\):wertheim_safecontroller_5400\\,_controller_5400_-_assemblyversion_6.11.8130.22320:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"No fixed version is published yet; monitor the upstream advisory.","timestamp":"2026-06-15T13:10:40.668Z"}]}