CVE-2026-44611 MEDIUM

Published: 2026-05-29 | Last Modified: 2026-06-04 | Status: Analyzed

Description

Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks.

CVSS Metrics

Base Score: 5.4 (MEDIUM)

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

Attack Vector	ADJACENT_NETWORK
Attack Complexity	HIGH
Privileges Required	LOW
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	LOW
Availability Impact	NONE

Source: [email protected]

Type: Secondary

Exploitability Score: 1.2

Impact Score: 4.2

Base Score: 5.9 (MEDIUM)

CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector	ADJACENT
Attack Complexity	HIGH
Attack Requirements	NONE
Privileges Required	LOW
User Interaction	NONE
Vulnerability Confidentiality	HIGH
Vulnerability Integrity	LOW
Vulnerability Availability	NONE
Subsequent Confidentiality	NONE
Subsequent Integrity	NONE
Subsequent Availability	NONE

Source: [email protected]

Type: Secondary

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-916

Affected Products

Vendor	Product	Version	Update	Type
macgregor	interschalt_vdr_g4e_firmware	*	<built-in method update of dict object at 0x7f7639cccdc0>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:macgregor:interschalt_vdr_g4e_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:macgregor:interschalt_vdr_g4e:-:::::::*`

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-01.json
Source: [email protected]

US Government Resource Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-01
Source: [email protected]

US Government Resource Third Party Advisory
https://www.danelec.com/contact
Source: [email protected]

Product