6.9
CVE-2026-40425
- EPSS 0.38%
- Veröffentlicht 29.05.2026 17:47:17
- Zuletzt bearbeitet 03.06.2026 20:54:47
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginMacGregor Voyage Data Recorder (VDR) G4e Files or Directories Accessible to External Parties
The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to authentication, potentially changing the root password.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Macgregor ≫ Interschalt Vdr G4e Firmware Version < 5.250
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.38% | 0.292 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
|
| ics-cert@hq.dhs.gov | 6.9 | 0 | 0 |
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| ics-cert@hq.dhs.gov | 5.7 | 0.9 | 4.7 |
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
|
CWE-552 Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.
https://www.danelec.com/contact
https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-01
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-01.json