CVE-2025-46352

The CS5000 Fire Panel is vulnerable due to a hard-coded password that 
runs on a VNC server and is visible as a string in the binary 
responsible for running VNC. This password cannot be altered, allowing 
anyone with knowledge of it to gain remote access to the panel. Such 
access could enable an attacker to operate the panel remotely, 
potentially putting the fire panel into a non-functional state and 
causing serious safety issues.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
icscertCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
Common Weakness Enumeration
References
https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-03
https://www.consiliumsafety.com/en/support/