CVE-2025-2862 MEDIUM

CVE-2025-2862: Weak Encoding for Password vulnerability in saTECH BCU

Vendor Arteche
Product saTECH BCU
Weakness CWE-261
Published March 28, 2025
Last update March 28, 2025

CVSS base score

6.9/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

SaTECH BCU, in its firmware version 2.1.3, performs weak password encryption. This allows an attacker with access to the device's system or website to obtain the credentials, as the storage methods used are not strong enough in terms of encryption.

Key dates

02Disclosure timeline

March 28, 2025 CVE published
March 28, 2025 Record updated