- Description
- The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even though it is possible to change this by SSHing into the device, it has remained unchanged on every installed system observed. This account is not root but holds high-level permissions that could severely impact the device's operation if exploited.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- ics-cert@hq.dhs.gov
- CWE-1188
- Hype score
- Not currently trending
CISA warns of critical flaws (CVE-2025-41438, CVE-2025-46352) in Consilium Safety CS5000 Fire Panels, allowing remote access & disruption. Vendor won't patch. #FirePanelSecurity #ICS #ConsiliumSafety #CybersecurityAlert https://t.co/ValO3zD6uR
@the_yellow_fall
2 Jun 2025
142 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 CVE-2025-41438 ⚠️🔴 CRITICAL (9.8) 🏢 Consilium Safety - CS5000 Fire Panel 🏗️ All versions 🔗 https://t.co/lBmvBmOh2x 🔗 https://t.co/TTS57CuX4V #CyberCron #VulnAlert #InfoSec https://t.co/Q2DU1Lnopu
@cybercronai
30 May 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-41438: CRITICAL] CS5000 Fire Panel faces cyber risks from a lingering default account. Despite the option to alter this via SSH access, the unchanged setting across all systems poses significant op...#cve,CVE-2025-41438,#cybersecurity https://t.co/YDJlZzEYlg https://t.c
@CveFindCom
29 May 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-41438 The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even though it is possible to change this by SSHing into the device, it has r… https://t.co/E74bKv2OUF
@CVEnew
29 May 2025
496 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes