github - ghsa-427v-vg76-wcjg

ghsa-427v-vg76-wcjg

Vulnerability from github

Published

2025-05-30 00:31

Modified

2025-05-30 00:31

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Details

The CS5000 Fire Panel is vulnerable due to a hard-coded password that runs on a VNC server and is visible as a string in the binary responsible for running VNC. This password cannot be altered, allowing anyone with knowledge of it to gain remote access to the panel. Such access could enable an attacker to operate the panel remotely, potentially putting the fire panel into a non-functional state and causing serious safety issues.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-46352"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-30T00:15:23Z",
    "severity": "CRITICAL"
  },
  "details": "The CS5000 Fire Panel is vulnerable due to a hard-coded password that \nruns on a VNC server and is visible as a string in the binary \nresponsible for running VNC. This password cannot be altered, allowing \nanyone with knowledge of it to gain remote access to the panel. Such \naccess could enable an attacker to operate the panel remotely, \npotentially putting the fire panel into a non-functional state and \ncausing serious safety issues.",
  "id": "GHSA-427v-vg76-wcjg",
  "modified": "2025-05-30T00:31:14Z",
  "published": "2025-05-30T00:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46352"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-03"
    },
    {
      "type": "WEB",
      "url": "https://www.consiliumsafety.com/en/support"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

CVE-2025-46352 (GCVE-0-2025-46352)

Vulnerability from cvelistv5

Published

2025-05-29 23:18

Modified

2025-05-30 12:49

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-798

Summary

The CS5000 Fire Panel is vulnerable due to a hard-coded password that runs on a VNC server and is visible as a string in the binary responsible for running VNC. This password cannot be altered, allowing anyone with knowledge of it to gain remote access to the panel. Such access could enable an attacker to operate the panel remotely, potentially putting the fire panel into a non-functional state and causing serious safety issues.

References

URL

Tags

	https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-03
	https://www.consiliumsafety.com/en/support/

Impacted products

	Vendor	Product	Version
	Consilium Safety	CS5000 Fire Panel	Version: All versions

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-46352",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-30T12:49:22.434773Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-30T12:49:31.802Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CS5000 Fire Panel",
          "vendor": "Consilium Safety",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Andrew Tierney of Pen Test Partners reported these vulnerabilities to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The CS5000 Fire Panel is vulnerable due to a hard-coded password that \nruns on a VNC server and is visible as a string in the binary \nresponsible for running VNC. This password cannot be altered, allowing \nanyone with knowledge of it to gain remote access to the panel. Such \naccess could enable an attacker to operate the panel remotely, \npotentially putting the fire panel into a non-functional state and \ncausing serious safety issues."
            }
          ],
          "value": "The CS5000 Fire Panel is vulnerable due to a hard-coded password that \nruns on a VNC server and is visible as a string in the binary \nresponsible for running VNC. This password cannot be altered, allowing \nanyone with knowledge of it to gain remote access to the panel. Such \naccess could enable an attacker to operate the panel remotely, \npotentially putting the fire panel into a non-functional state and \ncausing serious safety issues."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-29T23:18:33.934Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-03"
        },
        {
          "url": "https://www.consiliumsafety.com/en/support/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eUsers wanting enhanced security features are advised to upgrade to \nConsilium Safety\u0027s newer line of fire panels. Specifically, products \nmanufactured after July 1, 2024, incorporate more secure-by-design \nprinciples.\u003cbr\u003e\u003c/div\u003e\nMore product safety information can be found on Consilium Safety\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.consiliumsafety.com/en/support/\"\u003esupport webpage\u003c/a\u003e."
            }
          ],
          "value": "Users wanting enhanced security features are advised to upgrade to \nConsilium Safety\u0027s newer line of fire panels. Specifically, products \nmanufactured after July 1, 2024, incorporate more secure-by-design \nprinciples.\n\n\n\nMore product safety information can be found on Consilium Safety\u0027s  support webpage https://www.consiliumsafety.com/en/support/ ."
        }
      ],
      "source": {
        "advisory": "ICSA-25-148-03",
        "discovery": "EXTERNAL"
      },
      "title": "Consilium Safety CS5000 Fire Panel Use of Hard-coded Credentials",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eConsilium Safety is aware of these vulnerabilities. Currently, no fixes are planned for the CS5000 Fire Panel.\u003c/p\u003e\n\u003cp\u003eUsers wanting enhanced security features are advised to upgrade to \nConsilium Safety\u0027s newer line of fire panels. Specifically, products \nmanufactured after July 1, 2024, incorporate more secure-by-design \nprinciples.\u003c/p\u003e\n\u003cp\u003eUsers of the CS5000 Fire Panel are recommended to implement \ncompensating countermeasures, such as physical security and access \ncontrol restrictions for dedicated personnel.\u003c/p\u003e\u003cp\u003eMore product safety information can be found on Consilium Safety\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.consiliumsafety.com/en/support/\"\u003esupport webpage\u003c/a\u003e.\n\n\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "Consilium Safety is aware of these vulnerabilities. Currently, no fixes are planned for the CS5000 Fire Panel.\n\n\nUsers wanting enhanced security features are advised to upgrade to \nConsilium Safety\u0027s newer line of fire panels. Specifically, products \nmanufactured after July 1, 2024, incorporate more secure-by-design \nprinciples.\n\n\nUsers of the CS5000 Fire Panel are recommended to implement \ncompensating countermeasures, such as physical security and access \ncontrol restrictions for dedicated personnel.\n\nMore product safety information can be found on Consilium Safety\u0027s  support webpage https://www.consiliumsafety.com/en/support/ ."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-46352",
    "datePublished": "2025-05-29T23:18:33.934Z",
    "dateReserved": "2025-05-15T21:07:17.955Z",
    "dateUpdated": "2025-05-30T12:49:31.802Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.