NAVTOR NavBox

MonitorCVSS 6.3ICS-CERT ICSA-26-155-01Jun 4, 2026

Attack path

Attack VectorLocal

Auth RequiredLow

ComplexityHigh

User InteractionNone needed

Summary

A hardcoded credential or authentication bypass vulnerability in NAVTOR NavBox versions prior to 4.17.2.6 allows a local attacker to gain unauthorized access to SOAP web service methods. Successful exploitation could result in disruption of navigation operations or unauthorized modification of chart data and system settings.

What this means

What could happen

An attacker with local access to a NavBox could execute SOAP web service methods without authorization, potentially disrupting maritime navigation operations or causing incorrect chart data to be used.

Who's at risk

Maritime operators and shipping companies using NAVTOR NavBox for electronic chart display and navigation data management. This affects bridge navigation systems on vessels where NavBox provides chart updates and operational data.

How it could be exploited

An attacker with local access to the NavBox device can exploit hardcoded credentials or authentication bypass to call SOAP methods that control navigation data, chart updates, or system functions. The attack requires interactive access to the device itself.

Prerequisites

Local access to the NavBox device
Knowledge of SOAP service endpoints
Ability to send SOAP requests to the affected service

Local access required for exploitationHardcoded or weak credential issueCould disrupt navigation operations

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

NavBox: 4.16.1.204.16.1.20Fix available

Remediation & Mitigation

0/2

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXEnsure NavBox is set to automatically update. Verify in system settings that auto-update is enabled to receive version 4.17.2.6 or later when deployed.

Long-term hardening

0/1

HARDENINGPhysically secure NavBox devices and restrict local terminal access to authorized personnel only.

CVEs (1)

CVE-2026-21404

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/8b57dea9-0092-4873-a109-1fefa722c6f5

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.