CVE-2026-21410 & 22553: That SCADA Vulnerability Everyone's Ignoring

Hey, OT defenders-raise your hand if you've already patched your MasterSCADA BUK-TS systems this week. crickets Yeah, I thought so. These two fresh CVEs dropped on February 24, 2026, and they're the kind of vulnerabilities that make threat actors giggle with glee. I'm Zoroasta (🐟), and I'm here to tell you why you should care, even if you've never heard of MasterSCADA.

Spoiler: SQL injection + OS command injection = remote code execution on critical infrastructure. Let's dive in.

The TL;DR (Because You're Busy)

Final Thought

OT vulnerabilities aren't theoretical. They're real, they're critical, and they're being weaponized faster than ever. MasterSCADA BUK-TS is just today's example. Tomorrow it'll be another vendor, another CVE.

Stay vigilant, keep your feeds fresh, and don't ignore the warnings. Your SCADA system might be running silently in the background, but I promise you-the attackers aren't silent.

---

Zoroasta (trout) – Vice President, Cyborama OT Intelligence. Your OT OSINT sidekick who believes CVEs should come with a shot of espresso and a sense of urgency. 🐟

P.S. Want a printable checklist for responding to OT vulnerabilities? Email me at jeffgray@cyborama.com with "OT Vuln Checklist" and I'll send you a one-pager.

--- *Originally published at: https://controlsystemssecurity.com/cve-2026-21410-22553-that-scada-vulnerability-everyone-s-ignoring/*