CRITICAL🇵🇱 Wersja polska

CVE-2024-29844

CVSS 9.8v3.1pub. 2024-04-15upd. 2025-12-10

Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password.

🤖 AI Analysis
How it works

The application does not require users to change the default password during installation or on first launch. No warning or prompt is displayed to change the default credentials. As a result, anyone knowing the factory login credentials can log in directly to the web interface and perform administrative functions without any additional authentication barriers.

Impact

An attacker gains full administrative access to the Evolution Controller system, enabling them to read and modify configuration, and potentially compromise the confidentiality, integrity, and availability of the controlled environment.

Mitigation & patch

Immediately change the default administrative password to a strong, unique password and apply patches available from the manufacturer according to the references. It is also recommended to restrict access to the web interface only to trusted IP addresses using a firewall and to monitor unauthorized login attempts.

Who is affected

Cs-Technologies Evolution Controller version 2.x with default web interface configuration

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Cs Technologies Evolution

    APP
    Cs-Technologies
    ≤ 2.04.560
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-29836CRITICAL9.8PL ✓ten sam produkt

Auth Bypass w Evolution Controller — nieautoryzowane przejęcie kont

CVE-2024-29837HIGH8.8ten sam produkt

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management,...

CVE-2024-29838HIGH7.5ten sam produkt

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below does not proper sanitize user...

CVE-2024-29839HIGH7.5ten sam produkt

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured ac...

CVE-2024-29840HIGH7.5ten sam produkt

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured ac...