CVE-2025-2860
MEDIUMCVSS Vector
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2Description
SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web (.xml file). In order to exploit this vulnerability, the attacker must know the path, regardless of the user's privileges on the website.
Analysis
SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web (.xml file). Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Technical Context
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web (.xml file). In order to exploit this vulnerability, the attacker must know the path, regardless of the user's privileges on the website. Affected products include: Arteche Satech Bcu Firmware. Version information: version 2.1.3.
Affected Products
Arteche Satech Bcu Firmware.
Remediation
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today