MacGregor Voyage Data Recorder (VDR) G4e
Summary
CISA has issued an alert regarding multiple vulnerabilities in the MacGregor Voyage Data Recorder (VDR) G4e, specifically related to insecure credential management. Successful exploitation could grant an attacker administrator access to the device.
IFF Assessment
These vulnerabilities allow attackers to gain administrator access, posing a significant risk to the operational integrity of critical transportation infrastructure.
Severity
The CVSS score of 8.3 reflects the critical severity, indicating that these vulnerabilities are exploitable over a network and can lead to a complete compromise of confidentiality, integrity, and availability, granting administrator access.
Defender Context
Defenders should prioritize patching or updating firmware on affected MacGregor VDR G4e devices, especially those deployed in critical transportation infrastructure. The use of default credentials and insufficient protection of credentials highlight common insecure practices that attackers actively exploit, making credential hygiene a crucial defense strategy.