- Description
- The CS5000 Fire Panel is vulnerable due to a hard-coded password that runs on a VNC server and is visible as a string in the binary responsible for running VNC. This password cannot be altered, allowing anyone with knowledge of it to gain remote access to the panel. Such access could enable an attacker to operate the panel remotely, potentially putting the fire panel into a non-functional state and causing serious safety issues.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- ics-cert@hq.dhs.gov
- CWE-798
- Hype score
- Not currently trending
CISA warns of critical flaws (CVE-2025-41438, CVE-2025-46352) in Consilium Safety CS5000 Fire Panels, allowing remote access & disruption. Vendor won't patch. #FirePanelSecurity #ICS #ConsiliumSafety #CybersecurityAlert https://t.co/ValO3zD6uR
@the_yellow_fall
2 Jun 2025
142 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 CVE-2025-46352 ⚠️🔴 CRITICAL (9.8) 🏢 Consilium Safety - CS5000 Fire Panel 🏗️ All versions 🔗 https://t.co/lBmvBmOh2x 🔗 https://t.co/TTS57CuX4V #CyberCron #VulnAlert #InfoSec https://t.co/Kgb01e1P9G
@cybercronai
30 May 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-46352: CRITICAL] Vulnerable CS5000 Fire Panel has a hard-coded password in VNC server binary, risking remote access. Attackers could disrupt functionality and compromise safety.#cve,CVE-2025-46352,#cybersecurity https://t.co/LI2awL7jTQ https://t.co/dRhTqHhL4x
@CveFindCom
29 May 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-46352 The CS5000 Fire Panel is vulnerable due to a hard-coded password that runs on a VNC server and is visible as a string in the binary responsible for running VNC. Thi… https://t.co/XHRt5mLtuk
@CVEnew
29 May 2025
484 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes