CVE-2025-46352

CRITICAL

9.8

Descripcion

The CS5000 Fire Panel is vulnerable due to a hard-coded password that runs on a VNC server and is visible as a string in the binary responsible for running VNC. This password cannot be altered, allowing anyone with knowledge of it to gain remote access to the panel. Such access could enable an attacker to operate the panel remotely, potentially putting the fire panel into a non-functional state and causing serious safety issues.

Detalles CVE

Puntuacion CVSS v3.19.8

SeveridadCRITICAL

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado5/30/2025

Ultima modificacion5/30/2025

Fuentenvd

Avistamientos honeypot0

Debilidades (CWE)

CWE-798

Referencias

https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-03(ics-cert@hq.dhs.gov)

https://www.consiliumsafety.com/en/support/(ics-cert@hq.dhs.gov)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.