← Voltar para CVEs
CVE-2025-41438
CRITICAL9.8
Descricao
The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even though it is possible to change this by SSHing into the device, it has remained unchanged on every installed system observed. This account is not root but holds high-level permissions that could severely impact the device's operation if exploited.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado5/30/2025
Ultima modificacao5/30/2025
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-1188
Referencias
https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-03(ics-cert@hq.dhs.gov)
https://www.consiliumsafety.com/en/support/(ics-cert@hq.dhs.gov)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.