Consilium Safety CS5000 Fire Panel (Update A)

Plan PatchCVSS 8.4ICS-CERT ICSA-25-148-03May 29, 2025

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The CS5000 Fire Panel contains hardcoded credentials and improper access control vulnerabilities that allow unauthenticated local attackers to gain high-level administrative access and remotely operate the device. Successful exploitation could render the fire panel non-functional, preventing it from detecting or responding to fires. The vulnerabilities are not remotely exploitable and require local access to the device.

What this means

What could happen

An attacker with local access to a CS5000 Fire Panel could gain high-level administrative control and remotely operate the device, potentially rendering it unable to detect or respond to fires.

Who's at risk

Fire safety system operators and facilities managers responsible for CS5000 Fire Panels should prioritize this update. This affects any organization using Consilium Safety fire detection and alarm systems, including municipal buildings, industrial facilities, commercial properties, and data centers that rely on these panels for fire response automation.

How it could be exploited

An attacker must first gain local access to the CS5000 Fire Panel (physical proximity or local network connection without authentication required). Once local access is achieved, the attacker can exploit the hardcoded credentials or access control weakness to gain administrative-level control and execute arbitrary operations on the device.

Prerequisites

Local access to the CS5000 Fire Panel (physical or direct local network connection)
No authentication required to exploit the vulnerabilities

no authentication requiredlow complexityhardcoded credentials (CWE-798)affects safety-critical systemlocal attack vector only

Exploitability

Unlikely to be exploited — EPSS score 0.5%

Affected products (1)

ProductAffected VersionsFix Status

CS5000 Fire Panel: <R1.17.1<R1.17.1R1.17.1

Remediation & Mitigation

0/5

Do now

0/3

HARDENINGImplement physical security and access controls to restrict unauthorized physical access to the CS5000 Fire Panel

HARDENINGRestrict network access to the CS5000 Fire Panel to authorized personnel and devices only

HARDENINGEnsure the CS5000 Fire Panel is not accessible from the internet or untrusted networks

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate CS5000 Fire Panel to firmware version R1.17.1 or later

Long-term hardening

0/1

HARDENINGIsolate the fire panel network from the business network using firewalls or network segmentation

CVEs (2)

CVE-2025-41438 CVE-2025-46352

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f1cb7fb3-1f8e-4999-8ce1-d121dfabfa00

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.