PatchSiren cyber security CVE debrief
CVE-2026-21410 InSAT CVE debrief
CVE-2026-21410 is a critical SQL injection issue affecting InSAT MasterSCADA BUK-TS. According to the CISA CSAF advisory, the vulnerable main web interface may allow a malicious user to trigger remote code execution. Because the attack vector is network-accessible, requires no privileges, and has no user interaction requirement in the provided CVSS vector, this should be treated as an urgent remediation item for exposed installations.
- Vendor
- InSAT
- Product
- MasterSCADA BUK-TS
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-24
- Original CVE updated
- 2026-02-24
- Advisory published
- 2026-02-24
- Advisory updated
- 2026-02-24
Who should care
Organizations operating InSAT MasterSCADA BUK-TS, especially OT/ICS environments with the web interface reachable from trusted or untrusted networks. Security teams responsible for industrial control system segmentation, monitoring, and application hardening should prioritize this advisory.
Technical summary
The supplied advisory describes a SQL injection vulnerability in the product’s main web interface. The provided CVSS v3.1 vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, which aligns with a network-reachable flaw that can have high confidentiality, integrity, and availability impact. The advisory states that malicious users using the vulnerable endpoint are potentially able to cause remote code execution. No mitigation or patch details were included in the supplied source beyond CISA’s recommendation to contact the vendor.
Defensive priority
Critical. Prioritize immediate assessment of exposure, isolation of affected systems where practical, and rapid vendor coordination for mitigation or compensating controls.
Recommended defensive actions
- Identify all deployments of InSAT MasterSCADA BUK-TS and confirm whether the main web interface is exposed to untrusted or broadly reachable networks.
- Restrict network access to the web interface using segmentation, firewall rules, and allowlisting until a vendor fix or validated mitigation is available.
- Review authentication, logging, and administrative access controls around the affected interface for anomalous activity.
- Monitor CISA and vendor communications for remediation guidance, and contact the vendor using the advisory-provided addresses if you operate affected products.
- Apply standard ICS defense-in-depth measures from CISA guidance, including minimizing exposure of OT assets and tightening remote management paths.
Evidence notes
Primary evidence comes from the CISA CSAF advisory ICSA-26-055-01, which identifies CVE-2026-21410 as a SQL injection issue in InSAT MasterSCADA BUK-TS and states that malicious users may be able to cause remote code execution. The advisory also includes the CVSS v3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H and lists no KEV status in the provided corpus. Publication and modification timestamps supplied in the corpus are 2026-02-24T07:00:00.000Z.
Official resources
-
CVE-2026-21410 CVE record
CVE.org
-
CVE-2026-21410 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published advisory ICSA-26-055-01 for CVE-2026-21410 on 2026-02-24T07:00:00.000Z. The supplied advisory notes that InSAT had not responded to requests to work with CISA on mitigation and directs affected users to contact the vendor at