CVE-2026-42941
Analyzed Analyzed - Analysis Complete
Default Credentials in Danelec MacGregor Voyage Data Recorder

Publication date: 2026-05-29

Last updated on: 2026-06-04

Assigner: ICS-CERT

Description
The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password change.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-29
Last Modified
2026-06-04
Generated
2026-06-19
AI Q&A
2026-05-29
EPSS Evaluated
2026-06-18
NVD
CVE-2026-42941
EUVD
EUVD-2026-33395
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
macgregor interschalt_vdr_g4e_firmware to 5.250 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1392 The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The Danelec MacGregor Voyage Data Recorder device includes a default username and password that are not required to be changed by the user.

This means the device uses hard-coded credentials embedded in its firmware, allowing attackers to gain unauthorized access.

Such unauthorized access can potentially lead to administrator-level control of the device.

Compliance Impact

The vulnerability involves default usernames and passwords with no enforced password change, which can lead to unauthorized access to the device.

Such unauthorized access risks compromising confidentiality, integrity, and availability of data, which are critical aspects of compliance with standards like GDPR and HIPAA.

Failure to secure devices against unauthorized access may result in non-compliance with these regulations, as they require protection of sensitive data and proper access controls.

Impact Analysis

This vulnerability can allow attackers to gain unauthorized access to the Voyage Data Recorder device.

With such access, attackers may achieve administrator-level control, which can compromise the confidentiality, integrity, and availability of the device and its data.

This could lead to manipulation or loss of critical voyage data, potentially impacting vessel operations and safety.

Mitigation Strategies

The vulnerability involves default usernames and passwords embedded in the device firmware, allowing unauthorized access.

To mitigate this vulnerability, users should promptly update their MacGregor Voyage Data Recorder devices to the vendor-released firmware version V5.250, which addresses the issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42941. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart