CVE-2025-2862

EPSS 0.05%
Veröffentlicht 28.03.2025 13:15:08
Zuletzt bearbeitet 15.10.2025 16:50:59
Quelle cve-coordination@incibe.es
CVE-Watchlists
Login
Unerledigt
Login

SaTECH BCU, in its firmware version 2.1.3, performs weak password encryption. This allows an attacker with access to the device's system or website to obtain the credentials, as the storage methods used are not strong enough in terms of encryption.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Arteche ≫ Satech Bcu Firmware Version2.1.3

Arteche ≫ Satech Bcu Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.14

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cve-coordination@incibe.es	6.9	0	0	CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-261 Weak Encoding for Password

Obscuring a password with a trivial encoding does not protect the password.

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-2862

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-2862

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-2862

EUVD