CVE-2026-21410

Summary

InSAT MasterSCADA BUK-TS is susceptible to SQL Injection through its main web interface. Malicious users that use the vulnerable endpoint are potentially able to cause remote code execution.

Affected Software

VendorProductVersion RangeStatus
InSATMasterSCADA BUK-TSAll versionsaffected

Weaknesses

  • CWE-89: CWE-89

Workarounds

InSAT has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact info@insat.ru or scada@insat.ru for additional information.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References