CVE-2026-42951
Authenticated Backup Download Exposes Credentials in Danelec MacGregor Voyage Data Recorder
Publication date: 2026-05-29
Last updated on: 2026-05-29
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows an authenticated user to download a backup of the Danelec MacGregor Voyage Data Recorder device, which includes account data and password hashes.
Exposure of account data and password hashes could lead to unauthorized access or data breaches, potentially impacting compliance with data protection regulations such as GDPR and HIPAA that require safeguarding personal and sensitive information.
However, specific impacts on compliance are not detailed in the provided information.
Can you explain this vulnerability to me?
This vulnerability allows an authenticated user to download a backup of the Danelec MacGregor Voyage Data Recorder device.
The backup includes sensitive information such as account data and password hashes.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to sensitive account data and password hashes if an attacker gains authenticated access.
This could potentially allow further compromise of the device or related systems by exploiting the exposed credentials.