{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-42929","assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","state":"PUBLISHED","assignerShortName":"icscert","dateReserved":"2026-05-07T16:55:26.131Z","datePublished":"2026-05-29T17:44:48.753Z","dateUpdated":"2026-05-29T19:45:30.368Z"},"containers":{"cna":{"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2026-05-29T17:44:48.753Z"},"title":"MacGregor Voyage Data Recorder (VDR) G4e Use of Hard-coded Credentials","datePublic":"2026-05-28T17:22:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-798","description":"CWE-798 Use of Hard-coded Credentials","type":"CWE"}]}],"affected":[{"vendor":"Danelec","product":"MacGregor Voyage Data Recorder (VDR) G4e","versions":[{"status":"affected","version":"0","lessThan":"5.250","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"Danelec MacGregor Voyage Data Recorder\nincludes default accounts with hard-coded credentials.","supportingMedia":[{"type":"text/html","base64":false,"value":"Danelec MacGregor Voyage Data Recorder\nincludes default accounts with hard-coded credentials."}]}],"references":[{"url":"https://www.danelec.com/contact"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-01"},{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-01.json"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW","baseSeverity":"HIGH","baseScore":8.3,"vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"}},{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","version":"4.0","baseSeverity":"HIGH","baseScore":8.7,"vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"}}],"solutions":[{"lang":"en","value":"Danelec has released firmware version V5.250 to resolve these vulnerabilities. Users of MacGregor Voyage Data Recorder (VDR) G4e devices are encouraged to update the firmware at the earliest service attendance rather than waiting for an annual performance test. Contact Danelec with additional questions: https://www.danelec.com/contact","supportingMedia":[{"type":"text/html","base64":false,"value":"Danelec has released firmware version V5.250 to resolve these vulnerabilities. Users of MacGregor Voyage Data Recorder (VDR) G4e devices are encouraged to update the firmware at the earliest service attendance rather than waiting for an annual performance test. Contact Danelec with additional questions: https://www.danelec.com/contact"}]}],"credits":[{"lang":"en","value":"Andrew Tierney of Pen Test Partners reported these vulnerabilities to CISA.","type":"finder"}],"source":{"advisory":"ICSA-26-148-01","discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 1.0.2"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-05-29T19:45:18.231200Z","id":"CVE-2026-42929","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-05-29T19:45:30.368Z"}}]}}