The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed two critical vulnerabilities in Consilium Safety’s CS5000 Fire Panel systems that could allow attackers to gain remote control of essential fire safety equipment.
With CVSS v4 scores of 9.3, these vulnerabilities affect fire panels deployed worldwide across critical infrastructure sectors, raising serious concerns about safety system integrity and operational security.
Two distinct but equally severe vulnerabilities have been identified in the CS5000 Fire Panel, both carrying critical severity ratings.
The first vulnerability, assigned CVE-2025-41438, stems from the initialization of resources with insecure defaults.
According to CISA’s advisory, the fire panel contains a default account that, while not having root privileges, possesses high-level permissions capable of severely impacting device operations.
Security researcher Andrew Tierney of Pen Test Partners, who reported these vulnerabilities to CISA, discovered that despite the theoretical ability to change these default credentials via SSH access, the default account remains unchanged across every observed installation.
This represents a classic case of poor security hygiene where manufacturers’ default settings persist in production environments.
The second vulnerability, CVE-2025-46352, involves hard-coded credentials embedded within the system’s VNC server functionality.
The hard-coded password is visible as a plain string within the binary file responsible for running the VNC service, making it discoverable through basic reverse engineering techniques.
Unlike the first vulnerability, this password cannot be modified by users, creating a permanent backdoor that attackers can exploit to gain remote panel access.
Fire Panel Vulnerabilities
The scope of potential impact extends far beyond individual installations, as CS5000 Fire Panels are deployed worldwide across multiple critical infrastructure sectors.
CISA identifies affected sectors including Commercial Facilities, Energy, Government Services and Facilities, Healthcare and Public Health, and Transportation Systems.
This widespread deployment amplifies the security risk, as successful exploitation could compromise fire safety systems in hospitals, government buildings, energy facilities, and transportation hubs.
Successful attacks could enable malicious actors to remotely operate fire panels, potentially rendering them non-functional during critical emergencies.
The implications are particularly concerning given that fire safety systems serve as a last line of defense in emergency situations.
Attackers could manipulate alarm systems, disable safety protocols, or cause false alerts that could lead to unnecessary evacuations or, conversely, prevent legitimate emergency responses.
The vulnerabilities affect all versions of the CS5000 Fire Panel, indicating that the flaws are fundamental design issues rather than recent coding errors.
This universal impact means that no current CS5000 installation is immune to these attack vectors.
System Upgrades
Perhaps most concerning is Consilium Safety’s response to these vulnerabilities. The Swedish manufacturer has acknowledged the vulnerabilities but has announced that no fixes are planned for the CS5000 Fire Panel line.
Instead, the company is directing customers toward newer fire panel products manufactured after July 1, 2024, which reportedly incorporate more secure-by-design principles.
This approach effectively forces organizations to choose between maintaining potentially vulnerable fire safety systems and investing in complete system replacements.
For organizations operating under tight budgets or complex regulatory environments, immediate hardware replacement may not be feasible.
CISA recommends implementing compensating controls including network segmentation, firewall protection, and restricting internet accessibility for affected systems.
Organizations should also consider physical security measures and limit system access to authorized personnel only.
However, these mitigations cannot fully eliminate the underlying vulnerabilities, leaving systems fundamentally exposed until hardware replacement occurs.
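To check that the segmentation and firewall controls described above are actually holding, the following Python audits firewall flow records for accepted SSH or VNC connections to a fire panel from outside the management segment. It is an added example, not code from CISA or Consilium Safety; the panel addresses, subnets, default ports 22 and 5900, and the CSV log format are all constructed assumptions.

```python
import csv
import io
import ipaddress

# Assumptions (not from the advisory): addresses, subnets, default SSH/VNC
# ports and the flow-log layout below are constructed for illustration.
PANELS = {ipaddress.ip_address(a) for a in ("10.20.0.11", "10.20.0.12")}
MGMT_NET = ipaddress.ip_network("10.20.99.0/28")   # only segment allowed in
SITE_NET = ipaddress.ip_network("10.0.0.0/8")      # everything on-site
PORTS = {22: "ssh", 5900: "vnc"}

# Constructed sample flow log
SAMPLE_FLOWS = """\
ts,src,dst,dport,action
2025-06-01T08:00:02Z,10.20.99.5,10.20.0.11,22,ACCEPT
2025-06-01T08:03:40Z,10.30.4.17,10.20.0.11,5900,ACCEPT
2025-06-01T08:04:10Z,203.0.113.50,10.20.0.12,22,DROP
2025-06-01T08:05:55Z,203.0.113.50,10.20.0.12,5900,ACCEPT
2025-06-01T08:06:00Z,10.30.4.17,10.20.0.40,22,ACCEPT
2025-06-01T08:07:21Z,not-an-ip,10.20.0.11,22,ACCEPT
"""

def find_violations(flow_csv):
    """Return accepted SSH/VNC flows to a panel that start outside MGMT_NET."""
    violations = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            src = ipaddress.ip_address(row["src"])
            dst = ipaddress.ip_address(row["dst"])
            dport = int(row["dport"])
        except ValueError:
            # Surface unparseable records instead of silently skipping them
            violations.append({"ts": row["ts"], "reason": "unparseable"})
            continue
        if dst not in PANELS or dport not in PORTS:
            continue                      # not remote access to a panel
        if row["action"].upper() != "ACCEPT":
            continue                      # the firewall already blocked it
        if src in MGMT_NET:
            continue                      # permitted management traffic
        reason = "internal-outside-mgmt" if src in SITE_NET else "external"
        violations.append({"ts": row["ts"], "src": str(src), "dst": str(dst),
                           "service": PORTS[dport], "reason": reason})
    return violations

if __name__ == "__main__":
    for v in find_violations(SAMPLE_FLOWS):
        print(v)
```

Any record it returns means a path to the panel's SSH or VNC service exists that the compensating controls were supposed to close.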