OS Command Injection Vulnerability in InSAT MasterSCADA BUK-TS
CVE-2026-22553

9.3CRITICAL

Key Information:

Vendor: Insat
Status: Masterscada Buk-ts
Vendor: CVE Published:; 24 February 2026

What is CVE-2026-22553?

The InSAT MasterSCADA BUK-TS platform presents a critical vulnerability allowing OS command injection through an improperly secured field in its MMadmServ web interface. This flaw could be exploited by malicious actors to execute arbitrary commands on the host operating system, potentially leading to unauthorized access, data compromise, or system control. Users of all versions of this product should be aware of the risks associated with this vulnerability and take immediate steps to secure their systems.

Affected Version(s)

MasterSCADA BUK-TS All versions

References

https://www.cisa.gov/news-events/ics-advisories/icsa-26-0...

https://github.com/cisagov/CSAF/blob/develop/csaf_files/O...

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 24, 2026
Vulnerability Reserved
Feb 9, 2026

Credit

Adem El Adeb reported these vulnerabilities to CISA.

CVE-2026-22553 Data

JSON

Insat

What is CVE-2026-22553?

Affected Version(s)

References

CVSS V4

Timeline

Credit