CVE-2026-44611 | THREATINT

Description

Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks.

PUBLISHED Reserved 2026-05-07 | Published 2026-05-29 | Updated 2026-05-29 | Assigner icscert

MEDIUM: 5.4CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

MEDIUM: 5.9CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-916 Use of Password Hash With Insufficient Computational Effort

Product status

Default status

unaffected

Any version before 5.250

affected

Credits

Andrew Tierney of Pen Test Partners reported these vulnerabilities to CISA. finder

References

www.danelec.com/contact

www.cisa.gov/news-events/ics-advisories/icsa-26-148-01

github.com/...p/csaf_files/OT/white/2026/icsa-26-148-01.json

cve.org (CVE-2026-44611)

nvd.nist.gov (CVE-2026-44611)

Download JSON