CVE-2025-46352

Summary

The CS5000 Fire Panel is vulnerable due to a hard-coded password that runs on a VNC server and is visible as a string in the binary responsible for running VNC. This password cannot be altered, allowing anyone with knowledge of it to gain remote access to the panel. Such access could enable an attacker to operate the panel remotely, potentially putting the fire panel into a non-functional state and causing serious safety issues.

Affected Software

VendorProductVersion RangeStatus
Consilium SafetyCS5000 Fire PanelAll versionsaffected

Weaknesses

  • CWE-798: CWE-798

Workarounds

Consilium Safety is aware of these vulnerabilities. Currently, no fixes are planned for the CS5000 Fire Panel.

Users wanting enhanced security features are advised to upgrade to Consilium Safety's newer line of fire panels. Specifically, products manufactured after July 1, 2024, incorporate more secure-by-design principles.

Users of the CS5000 Fire Panel are recommended to implement compensating countermeasures, such as physical security and access control restrictions for dedicated personnel.

More product safety information can be found on Consilium Safety's support webpage https://www.consiliumsafety.com/en/support/ .

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References