The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can decrypt the data traffic. During reassessment, it was possible to break the encryption/decryption routine and decrypt messages without knowledge of the encryption key. It was also possible to gain knowledge about the encryption key by intercepting enough messages.
Physically isolate all SafeController devices so that only authorized personnel can access them. Harden all connected systems that communicate with the controller, disable unnecessary services, and restrict access to authorized personnel only. Ensure that servers communicating with SafeController devices use strong, unique authentication credentials and are not accessible to unauthorized users. Maintain physical security of all interconnected components to prevent unauthorized access or tampering.
No fix is available for this issue. The vendor stated that the encryption algorithm for Controller 65000 cannot be improved or fixed because of missing hardware support. Affected parties should assess the business risk and switch to a supported version if unsupported products are in use.