CVE-2026-42941 HIGH

Published: 2026-05-29 | Last Modified: 2026-06-04 | Status: Analyzed

Description

The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password change.

CVSS Metrics

Base Score: 8.3 (HIGH)

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Attack Vector	ADJACENT_NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	LOW

Source: [email protected]

Type: Secondary

Exploitability Score: 2.8

Impact Score: 5.5

Base Score: 8.7 (HIGH)

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector	ADJACENT
Attack Complexity	LOW
Attack Requirements	NONE
Privileges Required	NONE
User Interaction	NONE
Vulnerability Confidentiality	HIGH
Vulnerability Integrity	HIGH
Vulnerability Availability	LOW
Subsequent Confidentiality	NONE
Subsequent Integrity	NONE
Subsequent Availability	NONE

Source: [email protected]

Type: Secondary

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-1392

Affected Products

Vendor	Product	Version	Update	Type
macgregor	interschalt_vdr_g4e_firmware	*	<built-in method update of dict object at 0x7f76003c25c0>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:macgregor:interschalt_vdr_g4e_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:macgregor:interschalt_vdr_g4e:-:::::::*`

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-01.json
Source: [email protected]

US Government Resource Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-01
Source: [email protected]

US Government Resource Third Party Advisory
https://www.danelec.com/contact
Source: [email protected]

Product