CVE-2025-2860

MEDIUM

SaTECH BCU Firmware 2.1.3 - Authenticated Sensitive Information Exposure via XML File Access

Title source: llm

Description

SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web (.xml file). In order to exploit this vulnerability, the attacker must know the path, regardless of the user's privileges on the website.

References (1)

Core 1

Core References

Third Party Advisory

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu

Scores

CVSS v3 5.3

EPSS 0.0029

EPSS Percentile 20.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (1)

arteche/satech_bcu_firmware 2.1.3

Published Mar 28, 2025

Tracked Since Feb 18, 2026