CVE-2024-10035 is a critical vulnerability in the CoslatV3 product by BG-TEK Informatics Security Technologies, identified as improper control of code generation leading to code injection (CWE-94), command injection (CWE-77), and OS command injection (CWE-78). The flaw allows an attacker with local low-level privileges to inject and execute arbitrary code or OS commands on the affected system. This can lead to privilege escalation, enabling attackers to gain higher-level access than initially permitted. The vulnerability affects all versions up to 3.1069. The root cause lies in the product's failure to properly neutralize special characters and elements in commands and code generation processes, allowing malicious input to be executed. The vendor has confirmed that CoslatV3 is no longer supported, and no patches or updates are available to remediate this issue. The CVSS 4.0 score is 9.2 (critical), reflecting the high impact on confidentiality, integrity, and availability, with low attack complexity and no user interaction required. Exploitation requires local access with some privileges but can lead to full system compromise. No known exploits are currently in the wild, but the lack of vendor support and the severity make this a significant risk. Organizations relying on CoslatV3 must consider immediate mitigation strategies to reduce exposure.

For European organizations, this vulnerability poses a severe risk, especially in sectors where CoslatV3 is deployed for security or operational technology purposes. Successful exploitation can lead to unauthorized command execution and privilege escalation, potentially resulting in data breaches, system manipulation, or denial of service. The impact on confidentiality is high as attackers can access sensitive data; integrity is compromised through unauthorized code execution; and availability can be disrupted by malicious commands. Critical infrastructure, government agencies, and enterprises using CoslatV3 in Europe could face operational disruptions and reputational damage. The lack of vendor support and patches increases the risk of prolonged exposure. Attackers with local access, such as insiders or those who gain initial footholds through other means, can leverage this vulnerability to escalate privileges and move laterally within networks. This elevates the threat landscape for European organizations relying on this product.

Given the absence of vendor patches, European organizations should implement strict access controls to limit local access to systems running CoslatV3. Employ network segmentation to isolate vulnerable systems from critical infrastructure and sensitive data environments. Monitor and audit local user activities closely to detect suspicious command executions or privilege escalations. Consider deploying host-based intrusion detection systems (HIDS) to identify anomalous behavior indicative of exploitation attempts. Where feasible, migrate to alternative, supported security products to eliminate exposure. Apply application whitelisting and restrict execution of unauthorized code on affected hosts. Regularly update and patch other system components to reduce the attack surface. Conduct thorough risk assessments to prioritize remediation efforts and develop incident response plans tailored to potential exploitation scenarios. Engage with cybersecurity authorities for guidance and threat intelligence sharing regarding this vulnerability.