CRITICAL🇵🇱 Wersja polska

CVE-2024-29836

CVSS 9.8v3.1pub. 2024-04-15upd. 2025-12-10

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control, allowing for an unauthenticated attacker to update and add user profiles within the application, and gain full access of the site.

🤖 AI Analysis
How it works

The Evolution Controller web application does not require authentication to perform operations on user profiles. Incorrect configuration of the access control mechanism (CWE-284) allows an unauthenticated attacker to send requests to user management endpoints. As a result, an attacker can create new accounts or modify existing profiles, and then log in with full privileges.

Impact

An attacker without any authentication can gain full access to the Evolution Controller application, including user management and all system functions. This results in a complete breach of confidentiality, integrity, and availability of the application.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references. It is also recommended to restrict access to the Evolution Controller web interface only to trusted networks or IP addresses at the firewall level until the update is deployed.

Who is affected

Cs-Technologies Evolution Controller in version 2.04.560.31.03.2024 and earlier.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Cs Technologies Evolution

    APP
    Cs-Technologies
    ≤ 2.04.560
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-29844CRITICAL9.8PL ✓ten sam produkt

Domyślne dane logowania w Evolution Controller 2.x umożliwiają pełen dostęp administracyjny

CVE-2024-29838HIGH7.5ten sam produkt

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below does not proper sanitize user...

CVE-2024-29839HIGH7.5ten sam produkt

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured ac...

CVE-2024-29840HIGH7.5ten sam produkt

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured ac...

CVE-2024-29837HIGH8.8ten sam produkt

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management,...