PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-42941 Danelec CVE debrief

CVE-2026-42941 documents a default credential vulnerability in the Danelec MacGregor Voyage Data Recorder (VDR), a maritime safety device used to record ship operational data. The device ships with a default username and password that cannot be changed by users, creating a persistent authentication bypass risk for attackers with adjacent network access. CISA published this advisory on May 28, 2026 (ICS Advisory ICSA-26-148-01), with NVD receiving the entry on May 29, 2026. The CVSS 4.0 vector (AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L) reflects high confidentiality and integrity impact with low availability impact, requiring only adjacent network access without privileges or user interaction. The weakness maps to CWE-1392 (Use of Default Credentials). No known exploitation in ransomware campaigns has been reported, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.

Vendor
Danelec
Product
MacGregor Voyage Data Recorder (VDR) G4e
CVSS
HIGH 8.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-29
Original CVE updated
2026-05-29
Advisory published
2026-05-29
Advisory updated
2026-05-29

Who should care

Maritime operators, ship owners, fleet management companies, port authorities, and OT security teams responsible for vessel safety systems and voyage data recorders. Relevant to organizations implementing IMO cybersecurity guidelines and IEC 62443 standards for maritime control systems.

Technical summary

The Danelec MacGregor Voyage Data Recorder contains hardcoded or unchangeable default credentials (CWE-1392), allowing attackers with adjacent network access to authenticate without valid user credentials. The CVSS 4.0 score of 8.7 (HIGH) reflects high impacts to confidentiality and integrity of recorded voyage data, with low availability impact. Attack complexity is low, requiring no privileges or user interaction. This vulnerability class is particularly critical in maritime operational technology environments where VDRs may be network-accessible for remote monitoring or data retrieval purposes.

Defensive priority

HIGH

Recommended defensive actions

  • Contact Danelec Marine immediately to obtain patched firmware or configuration guidance that removes or allows modification of default credentials
  • Segment VDR devices on isolated network segments with strict access controls; restrict management interfaces to dedicated operational technology (OT) networks only
  • Audit all deployed Danelec MacGregor VDR units for unauthorized access or configuration changes; review authentication logs if available
  • Monitor network traffic to and from VDR devices for anomalous connections, particularly from unexpected source addresses
  • Apply network-level access controls (firewall rules, VLAN segmentation) to limit adjacent network access per CVSS attack vector until vendor patch is available
  • Coordinate with vessel IT/OT security teams to ensure maritime safety system availability is maintained during remediation activities

Evidence notes

Source references include CISA ICS Advisory ICSA-26-148-01 and CSAF JSON file. Vendor contact information available via Danelec official website. NVD status shows 'Received' indicating initial processing. CVSS 4.0 vector provided in source metadata.

Official resources

2026-05-28