Arteche saTECH BCU Session Hijacking Vulnerability via Cookie Theft

Vulnerability

A vulnerability exists in Arteche's saTECH BCU control and automation equipment, specifically in version 2.1.3. This vulnerability allows an attacker with network access to intercept traffic and capture user cookies. By doing so, the attacker can hijack active user sessions and potentially make changes to the device through the web interface, depending on the privileges of the user whose session was stolen.

Impact

Exploitation of this vulnerability allows session hijacking: an attacker can impersonate a user and act with that user's privileges on the device.

Remediation

Users can upgrade to saTECH BCU firmware version 2.2.1 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 4.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.