Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.3
InSAT MasterSCADA BUK-TS: Remote Code Execution via Web Interface
CVE-2026-22553
Summary
InSAT MasterSCADA BUK-TS has a security weakness in its web interface that could allow an attacker to run arbitrary system commands. This could lead to unauthorized access to your system. Update to the latest version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| insat | masterscada | All versions | – |
Original title
All versions of InSAT MasterSCADA BUK-TS are susceptible to OS command injection through a field in its MMadmServ web interface. Malicious users that use the vulnerable endpoint are potentially abl...
Original description
All versions of InSAT MasterSCADA BUK-TS are susceptible to OS command injection through a field in its MMadmServ web interface. Malicious users that use the vulnerable endpoint are potentially able to cause remote code execution.
nvd CVSS3.1
9.8
nvd CVSS4.0
9.3
Vulnerability type
CWE-78
OS Command Injection
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-05... Third Party Advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-01 US Government Resource VDB Entry
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026