Description

The CS5000 Fire Panel is vulnerable due to a hard-coded password that
runs on a VNC server and is visible as a string in the binary
responsible for running VNC. This password cannot be altered, allowing
anyone with knowledge of it to gain remote access to the panel. Such
access could enable an attacker to operate the panel remotely,
potentially putting the fire panel into a non-functional state and
causing serious safety issues.

Classification

CVE ID: CVE-2025-46352

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor: Consilium Safety

Product: CS5000 Fire Panel

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 12.14% (scored less or equal to compared to others)

EPSS Date: 2025-05-30 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-46352
https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-03
https://www.consiliumsafety.com/en/support/

Timeline