CVE-2025-46352
📋 TL;DR
The CS5000 Fire Panel contains a hard-coded VNC password that cannot be changed, allowing attackers with knowledge of this password to gain remote administrative access. This affects all CS5000 Fire Panel systems with the vulnerable firmware, potentially enabling attackers to disable fire safety systems and create dangerous situations.
💻 Affected Systems
- Consilium CS5000 Fire Panel
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full remote control of fire panels, disable fire detection/suppression systems during actual fires, leading to property damage, injuries, or loss of life.
Likely Case
Attackers gain remote access to fire panels, potentially disabling them or manipulating settings, creating false alarms, or preventing proper fire response.
If Mitigated
If network segmentation and access controls are properly implemented, risk is limited to internal network compromise rather than direct safety impacts.
🎯 Exploit Status
Exploitation requires only knowledge of the hard-coded password and network access to the VNC service. No authentication or special tools needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Contact vendor for specific firmware version
Vendor Advisory: https://www.consiliumsafety.com/en/support/
Restart Required: Yes
Instructions:
1. Contact Consilium support for updated firmware. 2. Schedule maintenance window. 3. Backup current configuration. 4. Apply firmware update following vendor instructions. 5. Verify system functionality post-update.
🔧 Temporary Workarounds
Network Segmentation
allIsolate fire panel network from other networks and internet
Access Control Lists
allImplement strict firewall rules to limit VNC access to authorized IPs only
🧯 If You Can't Patch
- Physically disconnect fire panels from all networks if safety permits
- Implement 24/7 monitoring of VNC access attempts and alert on any connections
🔍 How to Verify
Check if Vulnerable:
Check if CS5000 Fire Panel is accessible via VNC on default port (5900) and test with known hard-coded password (not publicly disclosed).Check Version:
Check firmware version through panel interface or contact vendor for version verificationVerify Fix Applied:
After firmware update, verify VNC service no longer accepts the hard-coded password and requires proper authentication.📡 Detection & Monitoring
Log Indicators:
- VNC authentication attempts
- Multiple failed VNC login attempts followed by success
- Unusual VNC connections from unexpected IPs
Network Indicators:
- VNC traffic to fire panel systems
- Port 5900 connections to fire panel IPs
- VNC protocol handshakes
SIEM Query:
source_ip="*" AND dest_port=5900 AND protocol="VNC" AND (event_type="authentication_success" OR event_type="connection_established")