CVE-2026-21410

Critical

CVSS 9.8

Description

InSAT MasterSCADA BUK-TS is susceptible to SQL Injection through its main web interface. Malicious users that use the vulnerable endpoint are potentially able to cause remote code execution.

CVSS Score

9.8/ 10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness Classification (CWE)

CWE-89SQL InjectionMITRE

References (2)

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-055-01.jsonics-cert@hq.dhs.gov https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-01ics-cert@hq.dhs.gov

Risk Assessment

ELEVATED

Critical CVSS

Details

Severity: Critical
CVSS: 9.8
CWE: CWE-89
CISA KEV: No
Articles: 1

Timeline

Published

Feb 24, 2026

External Links

NVD (NIST)CVE Details MITRE CVE