BetaIT-Hub is in early access — your feedback helps us improve. Use the chat or email [email protected]

News Vulnerability
VulnerabilityCISA·6d ago

MacGregor Voyage Data Recorder (VDR) G4e

p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-01.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of these vulnerabilities could result in an attacker gaining administrator access to the device. /strong /p p The following versions of MacGregor Voyage Data Recorder (VDR) G4e are affected: /p ul li MacGregor Voyage Data Recorder (VDR) G4e /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 8.3 /td td Danelec /td td MacGregor Voyage Data Recorder (VDR) G4e /td td Use of Default Credentials, Insufficiently Protected Credentials, Use of Password Hash With Insufficient Computational Effort, Use of Hard-coded Credentials, Files or Directories Accessible to External Parties /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Transportation Systems /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Denmark /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2026-42941 /a /h3 div class="csaf-accordion-content" p The VDR device includes a default username and password, with no enforced password change. /p p a href="https://www.cve.org/CVERecord?id=CVE-2026-42941" View CVE Details /a /p hr h4 Affected Products /h4 h5 MacGregor Voyage Data Recorder (VDR) G4e /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Danelec /div div class="ics-version" strong Product Version: /strong br Danelec MacGregor Voyage Data Recorder (VDR) G4e: lt;V5.250 /div div class="ics-status" strong Product Status: /strong br known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Vendor fix /strong br Danelec, who own MacGregor, has released firmware version V5.250 to resolve these vulnerabilities. Users of MacGregor Voyage Data Recorder (VDR) G4e devices are encouraged to update the firmware at the earliest service attendance rather than waiting for an annual performance test. Contact Danelec with additional questions: https://www.danelec.com/contact br a href="https://www.danelec.com/contact" https://www.danelec.com/contact /a /p /div p strong Relevant CWE: /strong a href="https://cwe.mitre.org/data/definitions/1392.html" CWE-1392 Use of Default Credentials /a /p hr h4 Metrics /h4 div class="csaf-table csaf-metrics-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS Version /th th role="columnhea

Sign in to read the full article

Create a free account to access all news, downloads, and community features

Sign inCreate account

Originally published by CISA

Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-01

This article is shared for informational purposes. All rights belong to the original author and publisher. If you are the copyright holder and would like this content removed, please contact us.

Shared on IT-Hub by admin