Description
InSAT MasterSCADA BUK-TS is susceptible to SQL Injection through its main web interface. Malicious users that use the vulnerable endpoint are potentially able to cause remote code execution.
Published: 2026-02-24
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Assess Impact
AI Analysis

Impact

The MasterSCADA BUK‑TS system is exposed to a classic SQL Injection flaw through its primary web interface. Attackers who can reach the vulnerable endpoint can inject malicious SQL statements that may ultimately lead to remote code execution, granting them full control over the compromised host and the underlying SCADA infrastructure.

Affected Systems

The affected product is InSAT MasterSCADA BUK‑TS. No specific version information is provided, so all installations of this SCADA suite should be evaluated for exposure.

Risk and Exploitability

The CVSS base score of 9.3 indicates a critical‑severity vulnerability that affects confidentiality, integrity, and availability. Although the EPSS score is reported as less than 1%, this does not mean the risk is negligible; the vulnerability remains remotely exploitable over the web interface. It is not currently listed in the CISA KEV catalog, suggesting it has not yet been widely exploited in the wild. The likely attack vector is external, via the web interface, and requires only authenticated or unauthenticated HTTP access, depending on the deployment configuration.

Generated by OpenCVE AI on April 17, 2026 at 15:38 UTC.

Remediation

Vendor Workaround

InSAT has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact info@insat.ru or scada@insat.ru for additional information.


OpenCVE Recommended Actions

  • Identify all environments running InSAT MasterSCADA BUK‑TS and determine whether the web interface is exposed to the internet or untrusted networks.
  • If external access is unavoidable, restrict the web interface to a narrow range of trusted IP addresses and enforce strong authentication.
  • Configure the application to use parameterized queries or stored procedures to eliminate the injection vector in accordance with CWE‑89 best practices.
  • Monitor system and network logs for suspicious SQL activity, and maintain awareness of any vendor releases or advisories addressing this issue.



Advisories

No advisories yet.

History

Sat, 28 Feb 2026 03:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Fri, 27 Feb 2026 03:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Insat masterscada |
| CPEs | | cpe:2.3:a:insat:masterscada:*:*:*:*:*:*:*:* |
| Vendors & Products | | Insat masterscada |

Wed, 25 Feb 2026 12:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Insat; Insat masterscada Buk-ts |
| Vendors & Products | | Insat; Insat masterscada Buk-ts |

Tue, 24 Feb 2026 21:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | InSAT MasterSCADA BUK-TS is susceptible to SQL Injection through its main web interface. Malicious users that use the vulnerable endpoint are potentially able to cause remote code execution. |
| Title | | InSAT MasterSCADA BUK-TS SQL Injection |
| Weaknesses | | CWE-89 |
| References | | |
| Metrics | | cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'} |
| | | cvssV4_0 {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-02-26T19:41:40.457Z

Reserved: 2026-02-09T17:52:06.910Z

Link: CVE-2026-21410

Vulnrichment

Updated: 2026-02-26T19:41:22.919Z

NVD

Status: Analyzed

Published: 2026-02-24T21:16:25.790

Modified: 2026-02-27T03:13:28.340

Link: CVE-2026-21410

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T15:45:15Z

Weaknesses