Remote Access Vulnerability in CS5000 Fire Panel by Vendor
CVE-2025-46352

9.3CRITICAL

Key Information:

Vendor: Consilium Safety
Status: Cs5000 Fire Panel
Vendor: CVE Published:; 30 May 2025

🔔 Create Consilium Safety Vulnerability Alert

What is CVE-2025-46352?

The CS5000 Fire Panel possesses a significant vulnerability originating from a hard-coded password embedded in its binary, which governs the VNC server functionality. This password's fixed nature prevents any alterations, granting potential attackers the ability to establish remote access effortlessly. Such unauthorized access could undermine the fire safety of the facility by allowing intruders to manipulate or disable the fire panel, leading to severe safety risks for occupants and property.

Affected Version(s)

CS5000 Fire Panel All versions

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-1...

https://www.consiliumsafety.com/en/support/

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 30, 2025