A critical OS command injection vulnerability in MasterSCADA BUK-TS allows remote attackers to execute arbitrary system commands and take full control of the SCADA server.

The vulnerability is located in a specific field within the MMadmServ web interface. The application fails to sanitize input before passing it to the operating system shell, allowing a malicious user to inject and execute arbitrary commands with the privileges of the web service.

As this affects all versions of the software, the risk to industrial operations is substantial. An attacker could use this RCE to disrupt manufacturing processes, manipulate sensor data, or disable safety protocols. The CVSS score of 9.8 underscores the critical nature of this vulnerability in an ICS environment.

Immediate Action: Contact InSAT for the latest security patch or mitigation guidance, as all current versions are reported as susceptible. If no patch is available, disable the MMadmServ interface.

Proactive Monitoring: Use host-based intrusion detection systems (HIDS) to monitor for unexpected shell activity or child processes spawned by the MasterSCADA web service.

Compensating Controls: Isolate the SCADA network from the corporate network and the internet. Use a jump host with multi-factor authentication for any necessary administrative access.

Public Exploit Available: No

The presence of command injection in a SCADA management interface is an emergency-level security event. Organizations must isolate these systems immediately and apply vendor updates as soon as they are released to prevent potentially catastrophic operational failures.