CVE-2025-46352

Consilium Safety CS5000 Fire Panel Use of Hard-coded Credentials

Description

The CS5000 Fire Panel is vulnerable due to a hard-coded password that runs on a VNC server and is visible as a string in the binary responsible for running VNC. This password cannot be altered, allowing anyone with knowledge of it to gain remote access to the panel. Such access could enable an attacker to operate the panel remotely, potentially putting the fire panel into a non-functional state and causing serious safety issues.

Remediation

Solution:

  • Users wanting enhanced security features are advised to upgrade to Consilium Safety's newer line of fire panels. Specifically, products manufactured after July 1, 2024, incorporate more secure-by-design principles. More product safety information can be found on Consilium Safety's support webpage https://www.consiliumsafety.com/en/support/ .

Workaround:

  • Consilium Safety is aware of these vulnerabilities. Currently, no fixes are planned for the CS5000 Fire Panel. Users wanting enhanced security features are advised to upgrade to Consilium Safety's newer line of fire panels. Specifically, products manufactured after July 1, 2024, incorporate more secure-by-design principles. Users of the CS5000 Fire Panel are recommended to implement compensating countermeasures, such as physical security and access control restrictions for dedicated personnel. More product safety information can be found on Consilium Safety's support webpage https://www.consiliumsafety.com/en/support/ .

Category

9.3
CVSS
Severity: Critical
CVSS 4.0 •
CVSS 3.1 •
EPSS 0.05%
Affected: Consilium Safety CS5000 Fire Panel
Published at:
Updated at:

References

Link Tags
https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-03
https://www.consiliumsafety.com/en/support/

Frequently Asked Questions

What is the severity of CVE-2025-46352?
CVE-2025-46352 has been scored as a critical severity vulnerability.
How to fix CVE-2025-46352?
To fix CVE-2025-46352: Users wanting enhanced security features are advised to upgrade to Consilium Safety's newer line of fire panels. Specifically, products manufactured after July 1, 2024, incorporate more secure-by-design principles. More product safety information can be found on Consilium Safety's support webpage https://www.consiliumsafety.com/en/support/ .
Is CVE-2025-46352 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-46352 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-46352?
CVE-2025-46352 affects Consilium Safety CS5000 Fire Panel.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.