CVE-2024-29838

Summary

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below does not proper sanitize user input, allowing for an unauthenticated attacker to crash the controller software

Affected Software

VendorProductVersion RangeStatus
CS Technologies AustraliaEvolution Controller2.xaffected

Weaknesses

  • CWE-457: CWE-457 Use of Uninitialized Variable
  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References