CVE-2025-46352 | THREATINT

Description

The CS5000 Fire Panel is vulnerable due to a hard-coded password that runs on a VNC server and is visible as a string in the binary responsible for running VNC. This password cannot be altered, allowing anyone with knowledge of it to gain remote access to the panel. Such access could enable an attacker to operate the panel remotely, potentially putting the fire panel into a non-functional state and causing serious safety issues.

PUBLISHED Reserved 2025-05-15 | Published 2025-05-29 | Updated 2025-05-30 | Assigner icscert

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-798

Product status

Default status

unaffected

All versions

affected

Credits

Andrew Tierney of Pen Test Partners reported these vulnerabilities to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-25-148-03

www.consiliumsafety.com/en/support/

cve.org (CVE-2025-46352)

nvd.nist.gov (CVE-2025-46352)

Download JSON