CVE-2025-46352 (GCVE-0-2025-46352)
Vulnerability from cvelistv5
Published
2025-05-29 23:18
Modified
2025-05-30 12:49
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE
Summary
The CS5000 Fire Panel is vulnerable due to a hard-coded password that runs on a VNC server and is visible as a string in the binary responsible for running VNC. This password cannot be altered, allowing anyone with knowledge of it to gain remote access to the panel. Such access could enable an attacker to operate the panel remotely, potentially putting the fire panel into a non-functional state and causing serious safety issues.
References
Impacted products
Vendor Product Version
Consilium Safety CS5000 Fire Panel Version: All versions
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-46352",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-30T12:49:22.434773Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-30T12:49:31.802Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CS5000 Fire Panel",
          "vendor": "Consilium Safety",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Andrew Tierney of Pen Test Partners reported these vulnerabilities to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The CS5000 Fire Panel is vulnerable due to a hard-coded password that \nruns on a VNC server and is visible as a string in the binary \nresponsible for running VNC. This password cannot be altered, allowing \nanyone with knowledge of it to gain remote access to the panel. Such \naccess could enable an attacker to operate the panel remotely, \npotentially putting the fire panel into a non-functional state and \ncausing serious safety issues."
            }
          ],
          "value": "The CS5000 Fire Panel is vulnerable due to a hard-coded password that \nruns on a VNC server and is visible as a string in the binary \nresponsible for running VNC. This password cannot be altered, allowing \nanyone with knowledge of it to gain remote access to the panel. Such \naccess could enable an attacker to operate the panel remotely, \npotentially putting the fire panel into a non-functional state and \ncausing serious safety issues."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-29T23:18:33.934Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-03"
        },
        {
          "url": "https://www.consiliumsafety.com/en/support/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eUsers wanting enhanced security features are advised to upgrade to \nConsilium Safety\u0027s newer line of fire panels. Specifically, products \nmanufactured after July 1, 2024, incorporate more secure-by-design \nprinciples.\u003cbr\u003e\u003c/div\u003e\nMore product safety information can be found on Consilium Safety\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.consiliumsafety.com/en/support/\"\u003esupport webpage\u003c/a\u003e."
            }
          ],
          "value": "Users wanting enhanced security features are advised to upgrade to \nConsilium Safety\u0027s newer line of fire panels. Specifically, products \nmanufactured after July 1, 2024, incorporate more secure-by-design \nprinciples.\n\n\n\nMore product safety information can be found on Consilium Safety\u0027s  support webpage https://www.consiliumsafety.com/en/support/ ."
        }
      ],
      "source": {
        "advisory": "ICSA-25-148-03",
        "discovery": "EXTERNAL"
      },
      "title": "Consilium Safety CS5000 Fire Panel Use of Hard-coded Credentials",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eConsilium Safety is aware of these vulnerabilities. Currently, no fixes are planned for the CS5000 Fire Panel.\u003c/p\u003e\n\u003cp\u003eUsers wanting enhanced security features are advised to upgrade to \nConsilium Safety\u0027s newer line of fire panels. Specifically, products \nmanufactured after July 1, 2024, incorporate more secure-by-design \nprinciples.\u003c/p\u003e\n\u003cp\u003eUsers of the CS5000 Fire Panel are recommended to implement \ncompensating countermeasures, such as physical security and access \ncontrol restrictions for dedicated personnel.\u003c/p\u003e\u003cp\u003eMore product safety information can be found on Consilium Safety\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.consiliumsafety.com/en/support/\"\u003esupport webpage\u003c/a\u003e.\n\n\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "Consilium Safety is aware of these vulnerabilities. Currently, no fixes are planned for the CS5000 Fire Panel.\n\n\nUsers wanting enhanced security features are advised to upgrade to \nConsilium Safety\u0027s newer line of fire panels. Specifically, products \nmanufactured after July 1, 2024, incorporate more secure-by-design \nprinciples.\n\n\nUsers of the CS5000 Fire Panel are recommended to implement \ncompensating countermeasures, such as physical security and access \ncontrol restrictions for dedicated personnel.\n\nMore product safety information can be found on Consilium Safety\u0027s  support webpage https://www.consiliumsafety.com/en/support/ ."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-46352",
    "datePublished": "2025-05-29T23:18:33.934Z",
    "dateReserved": "2025-05-15T21:07:17.955Z",
    "dateUpdated": "2025-05-30T12:49:31.802Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-46352\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2025-05-30T00:15:23.170\",\"lastModified\":\"2025-05-30T16:31:03.107\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The CS5000 Fire Panel is vulnerable due to a hard-coded password that \\nruns on a VNC server and is visible as a string in the binary \\nresponsible for running VNC. This password cannot be altered, allowing \\nanyone with knowledge of it to gain remote access to the panel. Such \\naccess could enable an attacker to operate the panel remotely, \\npotentially putting the fire panel into a non-functional state and \\ncausing serious safety issues.\"},{\"lang\":\"es\",\"value\":\"CS5000 Fire Panel es vulnerable debido a una contrase\u00f1a codificada que se ejecuta en un servidor VNC y es visible como una cadena en el binario responsable de ejecutar VNC. Esta contrase\u00f1a no se puede alterar, lo que permite que cualquiera que la conozca acceda remotamente al panel. Dicho acceso podr\u00eda permitir a un atacante operar el panel remotamente, lo que podr\u00eda dejarlo inoperativo y causar graves problemas de seguridad.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"references\":[{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-03\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://www.consiliumsafety.com/en/support/\",\"source\":\"ics-cert@hq.dhs.gov\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-46352\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-30T12:49:22.434773Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-30T12:49:27.331Z\"}}], \"cna\": {\"title\": \"Consilium Safety CS5000 Fire Panel Use of Hard-coded Credentials\", \"source\": {\"advisory\": \"ICSA-25-148-03\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Andrew Tierney of Pen Test Partners reported these vulnerabilities to CISA.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 9.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Consilium Safety\", \"product\": \"CS5000 Fire Panel\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Users wanting enhanced security features are advised to upgrade to \\nConsilium Safety\u0027s newer line of fire panels. Specifically, products \\nmanufactured after July 1, 2024, incorporate more secure-by-design \\nprinciples.\\n\\n\\n\\nMore product safety information can be found on Consilium Safety\u0027s  support webpage https://www.consiliumsafety.com/en/support/ .\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003eUsers wanting enhanced security features are advised to upgrade to \\nConsilium Safety\u0027s newer line of fire panels. Specifically, products \\nmanufactured after July 1, 2024, incorporate more secure-by-design \\nprinciples.\u003cbr\u003e\u003c/div\u003e\\nMore product safety information can be found on Consilium Safety\u0027s \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.consiliumsafety.com/en/support/\\\"\u003esupport webpage\u003c/a\u003e.\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-03\"}, {\"url\": \"https://www.consiliumsafety.com/en/support/\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Consilium Safety is aware of these vulnerabilities. Currently, no fixes are planned for the CS5000 Fire Panel.\\n\\n\\nUsers wanting enhanced security features are advised to upgrade to \\nConsilium Safety\u0027s newer line of fire panels. Specifically, products \\nmanufactured after July 1, 2024, incorporate more secure-by-design \\nprinciples.\\n\\n\\nUsers of the CS5000 Fire Panel are recommended to implement \\ncompensating countermeasures, such as physical security and access \\ncontrol restrictions for dedicated personnel.\\n\\nMore product safety information can be found on Consilium Safety\u0027s  support webpage https://www.consiliumsafety.com/en/support/ .\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eConsilium Safety is aware of these vulnerabilities. Currently, no fixes are planned for the CS5000 Fire Panel.\u003c/p\u003e\\n\u003cp\u003eUsers wanting enhanced security features are advised to upgrade to \\nConsilium Safety\u0027s newer line of fire panels. Specifically, products \\nmanufactured after July 1, 2024, incorporate more secure-by-design \\nprinciples.\u003c/p\u003e\\n\u003cp\u003eUsers of the CS5000 Fire Panel are recommended to implement \\ncompensating countermeasures, such as physical security and access \\ncontrol restrictions for dedicated personnel.\u003c/p\u003e\u003cp\u003eMore product safety information can be found on Consilium Safety\u0027s \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.consiliumsafety.com/en/support/\\\"\u003esupport webpage\u003c/a\u003e.\\n\\n\u003cbr\u003e\u003c/p\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The CS5000 Fire Panel is vulnerable due to a hard-coded password that \\nruns on a VNC server and is visible as a string in the binary \\nresponsible for running VNC. This password cannot be altered, allowing \\nanyone with knowledge of it to gain remote access to the panel. Such \\naccess could enable an attacker to operate the panel remotely, \\npotentially putting the fire panel into a non-functional state and \\ncausing serious safety issues.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The CS5000 Fire Panel is vulnerable due to a hard-coded password that \\nruns on a VNC server and is visible as a string in the binary \\nresponsible for running VNC. This password cannot be altered, allowing \\nanyone with knowledge of it to gain remote access to the panel. Such \\naccess could enable an attacker to operate the panel remotely, \\npotentially putting the fire panel into a non-functional state and \\ncausing serious safety issues.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-798\", \"description\": \"CWE-798\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2025-05-29T23:18:33.934Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-46352\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-30T12:49:31.802Z\", \"dateReserved\": \"2025-05-15T21:07:17.955Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2025-05-29T23:18:33.934Z\", \"assignerShortName\": \"icscert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.