
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory warning of two critical security vulnerabilities affecting all versions of the Consilium Safety CS5000 Fire Panel—a widely deployed industrial control system used in fire safety environments. If exploited, these flaws could allow remote attackers to gain high-level access and potentially render fire panels non-functional, posing significant risks to safety-critical infrastructure.
“Successful exploitation of these vulnerabilities could allow an attacker to gain high-level access to and remotely operate the device, potentially putting it into a non-functional state,” the advisory warns.
The first vulnerability, identified as CVE-2025-41438, involves the initialization of a system resource with an insecure default configuration. A default high-privileged account exists on all CS5000 units and is observed to remain unchanged in production environments.
“Even though it is possible to change this by SSHing into the device, it has remained unchanged on every installed system observed,” the report states.
While the account is not root-level, it still possesses sufficient privileges to critically disrupt operations. The flaw has received a CVSS v3.1 base score of 9.8, reflecting its critical severity.
The second vulnerability, CVE-2025-46352, stems from the presence of hard-coded credentials in a VNC server component used by the fire panel. The password is embedded within the binary and cannot be changed, granting anyone with knowledge of it full remote access to the system.
“This password cannot be altered, allowing anyone with knowledge of it to gain remote access… potentially putting the fire panel into a non-functional state and causing serious safety issues,” according to CISA’s technical bulletin.
This vulnerability has also received a CVSS score of 9.8, underscoring the severe impact and ease of exploitation.
Both vulnerabilities were responsibly disclosed by Andrew Tierney of Pen Test Partners, who reported the issues to CISA. As of now, no public exploitation of these flaws has been reported.
Alarmingly, Consilium Safety has no plans to patch the CS5000 Fire Panel. Instead, the vendor recommends migrating to newer hardware models.
“Users wanting enhanced security features are advised to upgrade to Consilium Safety’s newer line of fire panels… manufactured after July 1, 2024,” the advisory states.
In the meantime, customers are encouraged to apply compensating controls, including physical security measures and restricted administrative access to CS5000 devices.
CISA urges affected organizations to minimize risk by adopting the following best practices:
- Isolate fire panels from internet exposure and place them behind firewalls.
- Segment control system networks from business environments.
- Use updated VPNs for remote access and secure all connected endpoints.
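The isolation and segmentation guidance above is only as good as its enforcement, so a defender usually wants a check that the panels' SSH and VNC services (the two services the advisory's findings concern) are reachable only from the designated management network. The following script is an added example, not code from CISA, Consilium Safety or Pen Test Partners: it reads connection records from a firewall or flow collector and flags sessions to a panel's SSH or VNC port that originate outside the management subnet or from a non-RFC1918 address. The panel addresses, the management subnet and the `src=... dst=... dport=...` record format are assumptions chosen for the example; the sample records are constructed.

```python
"""Segmentation check for CS5000 fire panels (added example, not from the advisory).

Flags connection records that reach a panel's SSH (22) or VNC (5900) service
from outside the management network, or from an address that is not RFC1918.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed asset inventory: addresses of the CS5000 panels on the OT segment.
PANEL_ADDRESSES = {
    ipaddress.ip_address("10.20.1.10"),
    ipaddress.ip_address("10.20.1.11"),
}

# Assumed policy: only this jump-host subnet may administer the panels.
MANAGEMENT_NETWORK = ipaddress.ip_network("10.99.0.0/24")

# RFC1918 ranges; anything outside them is treated as internet-facing exposure.
INTERNAL_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Services named in the advisory: SSH (default account) and VNC (hard-coded password).
SENSITIVE_PORTS = {22: "ssh", 5900: "vnc"}


@dataclass(frozen=True)
class Finding:
    src: str
    dst: str
    port: int
    service: str
    reason: str


def parse_record(line: str) -> Optional[Tuple[object, object, int]]:
    """Parse one record of the assumed form 'src=<ip> dst=<ip> dport=<n>'.

    Returns None for lines that do not carry all three fields, so comments,
    blank lines and unrelated events are skipped rather than raising.
    """
    fields = {}
    for token in line.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    try:
        return (
            ipaddress.ip_address(fields["src"]),
            ipaddress.ip_address(fields["dst"]),
            int(fields["dport"]),
        )
    except (KeyError, ValueError):
        return None


def check_record(src, dst, dport: int) -> Optional[Finding]:
    """Return a Finding if this session violates the segmentation policy."""
    if dst not in PANEL_ADDRESSES or dport not in SENSITIVE_PORTS:
        return None  # not a panel management service; out of scope
    if src in MANAGEMENT_NETWORK:
        return None  # permitted administrative path
    if not any(src in net for net in INTERNAL_NETWORKS):
        reason = "external (non-RFC1918) source reached panel management service"
    else:
        reason = "source outside management network"
    return Finding(str(src), str(dst), dport, SENSITIVE_PORTS[dport], reason)


def audit(lines) -> List[Finding]:
    """Run the policy check over an iterable of record lines."""
    findings = []
    for line in lines:
        parsed = parse_record(line)
        if parsed is None:
            continue
        finding = check_record(*parsed)
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample records: one permitted admin session, one business-LAN
# host reaching VNC, one external address reaching VNC, one HTTPS session
# (not a sensitive service) and one VNC session to a non-panel host.
SAMPLE_LOG = """
src=10.99.0.5 dst=10.20.1.10 dport=22
src=10.50.3.17 dst=10.20.1.10 dport=5900
src=203.0.113.45 dst=10.20.1.11 dport=5900
src=10.50.3.17 dst=10.20.1.10 dport=443
src=10.50.3.17 dst=10.20.2.9 dport=5900
""".strip().splitlines()

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.src} -> {f.dst}:{f.port} ({f.service}): {f.reason}")
```

Run against the constructed records, the script reports two findings: the business-LAN host reaching VNC on a panel, and the non-RFC1918 source reaching VNC on the second panel. The permitted jump-host session, the HTTPS flow and the session to a non-panel address are ignored. In practice the record parser would be replaced with the export format of the firewall or flow collector in use, and the two findings map directly onto the advisory's first and second best practices (internet exposure, and missing segmentation from the business network).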
More details are available through the official Consilium Safety support site and CISA ICS Alert.