CVE-2025-2862

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

S

aTECH BCU, in its firmware version 2.1.3, performs weak password encryption. This allows an attacker with access to the device's system or website to obtain the credentials, as the storage methods used are not strong enough in terms of encryption.

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:arteche:satech_bcu_firmware:2.1.3:*:*:*:*:*:*:*

cpe:2.3:h:arteche:satech_bcu:-:*:*:*:*:*:*:*

History

15 Oct 2025, 16:50

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CPE		cpe:2.3:h:arteche:satech_bcu:-:::::::* cpe:2.3:o:arteche:satech_bcu_firmware:2.1.3:::::::*
First Time		Arteche Arteche satech Bcu Firmware Arteche satech Bcu
Summary		(es) SaTECH BCU, en su versión de firmware 2.1.3, utiliza un cifrado de contraseñas débil. Esto permite que un atacante con acceso al sistema o sitio web del dispositivo obtenga las credenciales, ya que los métodos de almacenamiento utilizados no ofrecen un cifrado lo suficientemente sólido.
References	~~() https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu -~~	() https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu - Third Party Advisory

28 Mar 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-28 14:15

Updated : 2025-10-15 16:50

NVD link : CVE-2025-2862

Mitre link : CVE-2025-2862

CVE.ORG link : CVE-2025-2862

JSON object : View

Products Affected

CWE

CWE-261

Weak Encoding for Password

{"id": "CVE-2025-2862", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-03-28T14:15:21.257", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu", "tags": ["Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-261"}]}], "descriptions": [{"lang": "en", "value": "SaTECH BCU, in its firmware version 2.1.3, performs weak password encryption. This allows an attacker with access to the device's system or website to obtain the credentials, as the storage methods used are not strong enough in terms of encryption."}, {"lang": "es", "value": "SaTECH BCU, en su versi\u00f3n de firmware 2.1.3, utiliza un cifrado de contrase\u00f1as d\u00e9bil. Esto permite que un atacante con acceso al sistema o sitio web del dispositivo obtenga las credenciales, ya que los m\u00e9todos de almacenamiento utilizados no ofrecen un cifrado lo suficientemente s\u00f3lido."}], "lastModified": "2025-10-15T16:50:59.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arteche:satech_bcu_firmware:2.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A65A2842-1A84-420B-9F90-2F0DB0F0709C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arteche:satech_bcu:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "089E0E50-93BD-4E13-A4E5-982A20BD8877"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}