CVE-2024-10035 CRITICAL

CVE-2024-10035: Code Injection in BG-TEK's CoslatV3

Vendor Bg-Tek Informatics Security Technologies
Product CoslatV3
Weakness CWE-94 · Code injection
Published November 4, 2024
Last update June 2, 2026

CVSS base score

9.2/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N

What the vulnerability does

01Description

Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Special Elements used in a Command ('Command Injection'), Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in BG-TEK Informatics Security Technologies CoslatV3 allows Command Injection, Privilege Escalation. This issue affects CoslatV3: through 3.1069. NOTE: The vendor was contacted and it was learned that the product is not supported.

Key dates

02Disclosure timeline

November 4, 2024 CVE published
June 2, 2026 Record updated