SCADA
CVE-2026-22553
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
All versions of InSAT MasterSCADA BUK-TS are susceptible to OS command injection through a field in its MMadmServ web interface. Malicious users that use the vulnerable endpoint are potentially able to cause remote code execution.
AnalysisAI
OS command injection in InSAT MasterSCADA BUK-TS through MMadmServ web interface. Unauthenticated RCE on SCADA management server. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | MMadmServ web interface of InSAT MasterSCADA BUK-TS must be accessible and exposed to network. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | CVSS 9.8, EPSS 1.26%. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | Attacker injects OS commands through the MMadmServ interface, gaining shell access to the SCADA server, potentially manipulating process monitoring. |
| Remediation | Apply vendor patch. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all instances of InSAT MasterSCADA BUK-TS in your environment and assess their exposure to untrusted networks. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that allows attackers to crash the application
ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by in
SQL injection in InSAT MasterSCADA BUK-TS through the main web interface. ICS/SCADA system with unauthenticated SQL inje
FUXA SCADA has yet another authorization bypass — now the seventh critical FUXA vulnerability discovered, enabling unaut
FUXA SCADA has an authentication spoofing vulnerability from versions 1.2.8 through 1.2.10 — tenth critical vulnerabilit
FUXA SCADA has insecure default configuration with a known JWT secret — eighth critical vulnerability.
FUXA SCADA has a path traversal vulnerability — ninth critical vulnerability enabling arbitrary file access on SCADA ser
A remote code execution vulnerability in Honeywell Experion PKS and OneWireless WDM (CVSS 9.4). Critical severity with
FUXA SCADA/HMI software has an additional authorization bypass vulnerability enabling unauthenticated access to industri
FUXA SCADA has an eleventh critical vulnerability — missing authorization from versions 1.2.8 onward.
CVE-2025-1727 is a critical vulnerability in RF-based remote linking protocols used for End-of-Train (EoT) and Head-of-T
Unauthenticated attackers can retrieve sensitive InfluxDB credentials from FUXA versions through 1.2.9 due to missing au
Same weakness CWE-78 – OS Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today