CVE-2026-40425

EUVD-2026-33403
The administrator account for the

Danelec MacGregor Voyage Data Recorder
web interface can directly edit sensitive files related to authentication, potentially changing the root password.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.7 MEDIUM
ADJACENT_NETWORK
LOW
HIGH
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-01.json
https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-01
https://www.danelec.com/contact