on the panel. Even though it is possible to change this by SSHing into
the device, it has remained unchanged on every installed system
observed. This account is not root but holds high-level permissions that
could severely impact the device's operation if exploited.
Metrics
Affected Vendors & Products
Solution
Users wanting enhanced security features are advised to upgrade to Consilium Safety's newer line of fire panels. Specifically, products manufactured after July 1, 2024, incorporate more secure-by-design principles. More product safety information can be found on Consilium Safety's support webpage https://www.consiliumsafety.com/en/support/ .
Workaround
Consilium Safety is aware of these vulnerabilities. Currently, no fixes are planned for the CS5000 Fire Panel. Users wanting enhanced security features are advised to upgrade to Consilium Safety's newer line of fire panels. Specifically, products manufactured after July 1, 2024, incorporate more secure-by-design principles. Users of the CS5000 Fire Panel are recommended to implement compensating countermeasures, such as physical security and access control restrictions for dedicated personnel. More product safety information can be found on Consilium Safety's support webpage https://www.consiliumsafety.com/en/support/ .
Fri, 30 May 2025 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 29 May 2025 23:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even though it is possible to change this by SSHing into the device, it has remained unchanged on every installed system observed. This account is not root but holds high-level permissions that could severely impact the device's operation if exploited. | |
Title | Consilium Safety CS5000 Fire Panel Initialization of a Resource with an Insecure Default | |
Weaknesses | CWE-1188 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: icscert
Published:
Updated: 2025-05-30T12:50:16.987Z
Reserved: 2025-05-15T21:07:17.944Z
Link: CVE-2025-41438

Updated: 2025-05-30T12:50:13.742Z

Status : Awaiting Analysis
Published: 2025-05-30T00:15:23.003
Modified: 2025-05-30T16:31:03.107
Link: CVE-2025-41438

No data.

No data.