{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-29836","assignerOrgId":"430a6cef-dc26-47e3-9fa8-52fb7f19644e","state":"PUBLISHED","assignerShortName":"directcyber","dateReserved":"2024-03-21T00:52:45.514Z","datePublished":"2024-04-14T23:47:13.849Z","dateUpdated":"2024-08-02T01:17:57.373Z"},"containers":{"cna":{"affected":[{"defaultStatus":"affected","product":"Evolution Controller","vendor":"CS Technologies Australia","versions":[{"status":"affected","version":"2.x"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control, allowing for an unauthenticated attacker to update and add user profiles within the application, and gain full access of the site."}],"value":"The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control, allowing for an unauthenticated attacker to update and add user profiles within the application, and gain full access of the site."}],"impacts":[{"capecId":"CAPEC-115","descriptions":[{"lang":"en","value":"CAPEC-115 Authentication Bypass"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-284","description":"CWE-284 Improper Access Control","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"430a6cef-dc26-47e3-9fa8-52fb7f19644e","shortName":"directcyber","dateUpdated":"2024-04-14T23:47:13.849Z"},"references":[{"url":"https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.html"}],"source":{"discovery":"UNKNOWN"},"title":"Broken Authentication on USER_CHANGE in Evolution Controller allows unauthenticated account creation and takeover","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"affected":[{"vendor":"cs_technologies","product":"evolution_controller","cpes":["cpe:2.3:a:cs_technologies:evolution_controller:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"2.04.560.31.03.2024","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-26T15:04:43.279807Z","id":"CVE-2024-29836","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-26T15:05:49.895Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T01:17:57.373Z"},"title":"CVE Program Container","references":[{"url":"https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.html","tags":["x_transferred"]}]}]}}