Consilium Safety CS5000 Fire Panel Default Account Vulnerability

A vulnerability exists in the Consilium Safety CS5000 Fire Panel due to a default account with high-level permissions that could significantly disrupt the device's functionality if exploited. This account is not root but has enough access to cause serious operational issues. Although the default account can be changed by SSHing into the device, it has remained unchanged on all observed installed systems.

Impact

Exploitation of this vulnerability could allow unauthorized users to gain high-level access to the fire panel, enabling remote operation of the device. Such access could disrupt the panel's functionality, potentially leading to critical safety concerns.

Remediation

Consilium Safety is aware of this vulnerability but has no planned fixes for the CS5000 Fire Panel. Users are advised to upgrade to newer fire panel models introduced after July 1, 2024, which incorporate more secure design principles. For immediate concerns, users can request a free cybersecurity assessment and system upgrade during the next scheduled service.