Primary

Context

InSAT MasterSCADA BUK-TS SQL Injection Vulnerability Allowing Remote Code Execution

Vulnerability

A SQL injection vulnerability has been identified in InSAT MasterSCADA BUK-TS, affecting all versions. This vulnerability exists within the main web interface, where malicious users can exploit a vulnerable endpoint to execute arbitrary code remotely.

Impact

Exploitation of this vulnerability could lead to unauthorized remote code execution on the server where InSAT MasterSCADA BUK-TS is running.

Remediation

InSAT has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact info@insat.ru or scada@insat.ru for additional information.

Added: Feb 24, 2026, 9:19 PM

Updated: Feb 24, 2026, 9:55 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.8

remediation

0.0

relevance

3.1

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.8

remediation

0.0

relevance

3.1

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

InSAT MasterSCADA BUK-TS SQL Injection Vulnerability Allowing Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating