Primary

Context

InSAT MasterSCADA BUK-TS OS Command Injection Vulnerability Allowing Remote Code Execution

Vulnerability

A vulnerability exists in all versions of InSAT MasterSCADA BUK-TS, allowing for OS command injection via a field in the MMadmServ web interface. This flaw could enable remote code execution by malicious users who exploit the vulnerable endpoint.

Impact

Exploitation of this vulnerability could lead to unauthorized OS command execution, potentially allowing an attacker to execute arbitrary code on the server where InSAT MasterSCADA BUK-TS is running.

Remediation

InSAT has not responded to requests to collaborate with CISA on mitigating these vulnerabilities. Users are encouraged to contact InSAT via email for more information.

Added: Feb 24, 2026, 9:18 PM

Updated: Feb 24, 2026, 9:53 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

0.0

relevance

3.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

0.0

relevance

3.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

InSAT MasterSCADA BUK-TS OS Command Injection Vulnerability Allowing Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating