{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-46352", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2025-05-15T21:07:17.955Z", "datePublished": "2025-05-29T23:18:33.934Z", "dateUpdated": "2025-05-30T12:49:31.802Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CS5000 Fire Panel", "vendor": "Consilium Safety", "versions": [{"status": "affected", "version": "All versions"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Andrew Tierney of Pen Test Partners reported these vulnerabilities to CISA."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The CS5000 Fire Panel is vulnerable due to a hard-coded password that \nruns on a VNC server and is visible as a string in the binary \nresponsible for running VNC. This password cannot be altered, allowing \nanyone with knowledge of it to gain remote access to the panel. Such \naccess could enable an attacker to operate the panel remotely, \npotentially putting the fire panel into a non-functional state and \ncausing serious safety issues."}], "value": "The CS5000 Fire Panel is vulnerable due to a hard-coded password that \nruns on a VNC server and is visible as a string in the binary \nresponsible for running VNC. This password cannot be altered, allowing \nanyone with knowledge of it to gain remote access to the panel. Such \naccess could enable an attacker to operate the panel remotely, \npotentially putting the fire panel into a non-functional state and \ncausing serious safety issues."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "CWE-798", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-05-29T23:18:33.934Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-03"}, {"url": "https://www.consiliumsafety.com/en/support/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>Users wanting enhanced security features are advised to upgrade to \nConsilium Safety's newer line of fire panels. Specifically, products \nmanufactured after July 1, 2024, incorporate more secure-by-design \nprinciples.<br></div>\nMore product safety information can be found on Consilium Safety's <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.consiliumsafety.com/en/support/\">support webpage</a>."}], "value": "Users wanting enhanced security features are advised to upgrade to \nConsilium Safety's newer line of fire panels. Specifically, products \nmanufactured after July 1, 2024, incorporate more secure-by-design \nprinciples.\n\n\n\nMore product safety information can be found on Consilium Safety's support webpage https://www.consiliumsafety.com/en/support/ ."}], "source": {"advisory": "ICSA-25-148-03", "discovery": "EXTERNAL"}, "title": "Consilium Safety CS5000 Fire Panel Use of Hard-coded Credentials", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Consilium Safety is aware of these vulnerabilities. Currently, no fixes are planned for the CS5000 Fire Panel.</p>\n<p>Users wanting enhanced security features are advised to upgrade to \nConsilium Safety's newer line of fire panels. Specifically, products \nmanufactured after July 1, 2024, incorporate more secure-by-design \nprinciples.</p>\n<p>Users of the CS5000 Fire Panel are recommended to implement \ncompensating countermeasures, such as physical security and access \ncontrol restrictions for dedicated personnel.</p><p>More product safety information can be found on Consilium Safety's <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.consiliumsafety.com/en/support/\">support webpage</a>.\n\n<br></p>"}], "value": "Consilium Safety is aware of these vulnerabilities. Currently, no fixes are planned for the CS5000 Fire Panel.\n\n\nUsers wanting enhanced security features are advised to upgrade to \nConsilium Safety's newer line of fire panels. Specifically, products \nmanufactured after July 1, 2024, incorporate more secure-by-design \nprinciples.\n\n\nUsers of the CS5000 Fire Panel are recommended to implement \ncompensating countermeasures, such as physical security and access \ncontrol restrictions for dedicated personnel.\n\nMore product safety information can be found on Consilium Safety's support webpage https://www.consiliumsafety.com/en/support/ ."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-30T12:49:22.434773Z", "id": "CVE-2025-46352", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-30T12:49:31.802Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-46352", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-30T12:49:22.434773Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-30T12:49:27.331Z"}}], "cna": {"title": "Consilium Safety CS5000 Fire Panel Use of Hard-coded Credentials", "source": {"advisory": "ICSA-25-148-03", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Andrew Tierney of Pen Test Partners reported these vulnerabilities to CISA."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Consilium Safety", "product": "CS5000 Fire Panel", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Users wanting enhanced security features are advised to upgrade to \nConsilium Safety's newer line of fire panels. Specifically, products \nmanufactured after July 1, 2024, incorporate more secure-by-design \nprinciples.\n\n\n\nMore product safety information can be found on Consilium Safety's support webpage https://www.consiliumsafety.com/en/support/ .", "supportingMedia": [{"type": "text/html", "value": "<div>Users wanting enhanced security features are advised to upgrade to \nConsilium Safety's newer line of fire panels. Specifically, products \nmanufactured after July 1, 2024, incorporate more secure-by-design \nprinciples.<br></div>\nMore product safety information can be found on Consilium Safety's <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.consiliumsafety.com/en/support/\">support webpage</a>.", "base64": false}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-03"}, {"url": "https://www.consiliumsafety.com/en/support/"}], "workarounds": [{"lang": "en", "value": "Consilium Safety is aware of these vulnerabilities. Currently, no fixes are planned for the CS5000 Fire Panel.\n\n\nUsers wanting enhanced security features are advised to upgrade to \nConsilium Safety's newer line of fire panels. Specifically, products \nmanufactured after July 1, 2024, incorporate more secure-by-design \nprinciples.\n\n\nUsers of the CS5000 Fire Panel are recommended to implement \ncompensating countermeasures, such as physical security and access \ncontrol restrictions for dedicated personnel.\n\nMore product safety information can be found on Consilium Safety's support webpage https://www.consiliumsafety.com/en/support/ .", "supportingMedia": [{"type": "text/html", "value": "<p>Consilium Safety is aware of these vulnerabilities. Currently, no fixes are planned for the CS5000 Fire Panel.</p>\n<p>Users wanting enhanced security features are advised to upgrade to \nConsilium Safety's newer line of fire panels. Specifically, products \nmanufactured after July 1, 2024, incorporate more secure-by-design \nprinciples.</p>\n<p>Users of the CS5000 Fire Panel are recommended to implement \ncompensating countermeasures, such as physical security and access \ncontrol restrictions for dedicated personnel.</p><p>More product safety information can be found on Consilium Safety's <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.consiliumsafety.com/en/support/\">support webpage</a>.\n\n<br></p>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The CS5000 Fire Panel is vulnerable due to a hard-coded password that \nruns on a VNC server and is visible as a string in the binary \nresponsible for running VNC. This password cannot be altered, allowing \nanyone with knowledge of it to gain remote access to the panel. Such \naccess could enable an attacker to operate the panel remotely, \npotentially putting the fire panel into a non-functional state and \ncausing serious safety issues.", "supportingMedia": [{"type": "text/html", "value": "The CS5000 Fire Panel is vulnerable due to a hard-coded password that \nruns on a VNC server and is visible as a string in the binary \nresponsible for running VNC. This password cannot be altered, allowing \nanyone with knowledge of it to gain remote access to the panel. Such \naccess could enable an attacker to operate the panel remotely, \npotentially putting the fire panel into a non-functional state and \ncausing serious safety issues.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-798", "description": "CWE-798"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-05-29T23:18:33.934Z"}}}, "cveMetadata": {"cveId": "CVE-2025-46352", "state": "PUBLISHED", "dateUpdated": "2025-05-30T12:49:31.802Z", "dateReserved": "2025-05-15T21:07:17.955Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2025-05-29T23:18:33.934Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The CS5000 Fire Panel is vulnerable due to a hard-coded password that \nruns on a VNC server and is visible as a string in the binary \nresponsible for running VNC. This password cannot be altered, allowing \nanyone with knowledge of it to gain remote access to the panel. Such \naccess could enable an attacker to operate the panel remotely, \npotentially putting the fire panel into a non-functional state and \ncausing serious safety issues."}, {"lang": "es", "value": "CS5000 Fire Panel es vulnerable debido a una contrase\u00f1a codificada que se ejecuta en un servidor VNC y es visible como una cadena en el binario responsable de ejecutar VNC. Esta contrase\u00f1a no se puede alterar, lo que permite que cualquiera que la conozca acceda remotamente al panel. Dicho acceso podr\u00eda permitir a un atacante operar el panel remotamente, lo que podr\u00eda dejarlo inoperativo y causar graves problemas de seguridad."}], "id": "CVE-2025-46352", "lastModified": "2025-05-30T16:31:03.107", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2025-05-30T00:15:23.170", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-03"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.consiliumsafety.com/en/support/"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}

{}