Consilium Safety CS5000 Fire Panel (Update A)

Plan Patch8.4ICS-CERT ICSA-25-148-03May 29, 2025

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The CS5000 Fire Panel contains vulnerabilities (CWE-1188: Initialization with Hard-Coded Network Resource Configuration, CWE-798: Use of Hard-Coded Credentials) that allow an attacker with local access to gain high-level control of the device and remotely operate it, potentially rendering the fire panel non-functional. Consilium has released firmware version R1.17.1 to address these issues. The vulnerabilities are not remotely exploitable; they require local access to the device console or management interface.

What this means

What could happen

An attacker with local access to the CS5000 Fire Panel could gain high-level control of the device and remotely operate it, potentially disabling fire detection and alarm functions critical to building safety.

Who's at risk

Fire system operators and facilities managers responsible for Consilium CS5000 Fire Panels in commercial buildings, industrial sites, and critical infrastructure. Affects fire detection, alarm signaling, and emergency response systems that are essential to life safety.

How it could be exploited

An attacker must achieve local access to the fire panel (physical or via network access to the device's local ports). Once local access is gained, the attacker can exploit the vulnerability to execute arbitrary commands with high-level privileges, allowing remote operation of the panel and alteration of its functional state.

Prerequisites

Local access to CS5000 Fire Panel (physical or local network connection)
Access to device console or management interface
Device running firmware version R1.17.1 or earlier

Local access required for exploitationHigh CVSS severity (8.4)No authentication required for local exploitationAffects critical life-safety fire detection and alarm systemsWeak credential handling (CWE-798)

Exploitability

Low exploit probability (EPSS 0.5%)

Affected products (1)

ProductAffected VersionsFix Status

CS5000 Fire Panel: <R1.17.1<R1.17.1R1.17.1

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDImplement physical security and access control restrictions to limit who can physically access the fire panel

HARDENINGRestrict network access to the fire panel—do not expose it to the internet or business networks

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade CS5000 Fire Panel firmware to version R1.17.1 or later

Long-term hardening

0/2

HARDENINGPlace the fire panel behind a firewall and isolate it from business network segments

HARDENINGIf remote access to the panel is required, use a VPN connection and ensure the VPN software is kept up to date

CVEs (2)

CVE-2025-41438 CVE-2025-46352

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f1cb7fb3-1f8e-4999-8ce1-d121dfabfa00