Consilium Safety CS5000 Fire Panel VNC Server Hard-Coded Password Vulnerability Allowing Remote Access
Vulnerability
A vulnerability exists in the Consilium Safety CS5000 Fire Panel due to a hard-coded password for a VNC server, embedded as a string in the VNC-related binary. This password cannot be changed, granting anyone who knows it remote access to the fire panel. Such access could allow an attacker to control the panel from a distance, potentially disrupting its functionality and creating significant safety risks.
Impact
Exploitation of this vulnerability could lead to unauthorized remote access and control of the fire panel, allowing an attacker to disrupt its operations and create safety hazards.
Remediation
Consilium Safety is aware of this vulnerability but has no plans to fix it. Users are advised to upgrade to newer fire panel models introduced after July 1, 2024, which incorporate more secure design principles. For those still using the CS5000 Fire Panel, the recommendation is to implement physical security and access control measures that limit access to designated personnel.
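Because the password cannot be changed, network access control is the only compensating layer, and it is worth checking that it holds. The following is an added example, not vendor or advisory code: it reviews firewall flow records for connections to a panel's VNC service from sources outside the designated management hosts. The panel address, the management subnet, the log format and the conventional VNC port range 5900-5909 are all assumptions; the advisory does not state which port the panel listens on.

```python
import csv
import ipaddress

# Assumptions (not from the advisory): panel address, management subnet,
# and the conventional VNC/RFB port range 5900-5909.
PANEL_IPS = {ipaddress.ip_address("192.0.2.10")}
ALLOWED_SOURCES = [ipaddress.ip_network("192.0.2.32/28")]
VNC_PORTS = range(5900, 5910)

# Constructed sample flow records: time,src,dst,dst_port,action
SAMPLE_LOG = """\
2024-09-01T08:00:01Z,192.0.2.35,192.0.2.10,5900,allow
2024-09-01T08:03:12Z,198.51.100.7,192.0.2.10,5900,allow
2024-09-01T08:04:40Z,198.51.100.7,192.0.2.10,5900,deny
2024-09-01T08:05:02Z,192.0.2.77,192.0.2.10,5901,allow
2024-09-01T08:06:00Z,198.51.100.7,192.0.2.10,443,allow
2024-09-01T08:07:00Z,not-an-ip,192.0.2.10,5900,allow
"""

def unauthorized_vnc_flows(log_text, panel_ips=PANEL_IPS,
                           allowed=ALLOWED_SOURCES, ports=VNC_PORTS):
    """Return (findings, malformed) for flows aimed at a panel's VNC port
    from a source outside the allowlist."""
    findings, malformed = [], []
    for row in csv.reader(log_text.splitlines()):
        try:
            ts, src, dst, port, action = (f.strip() for f in row)
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            # Wrong field count, bad address or bad port: keep for manual review.
            malformed.append(row)
            continue
        if dst_ip not in panel_ips or port not in ports:
            continue
        if any(src_ip in net for net in allowed):
            continue
        # "allow" means the access control failed; "deny" means it stopped an attempt.
        severity = "exposed" if action.lower() == "allow" else "blocked-attempt"
        findings.append((ts, src, port, severity))
    return findings, malformed

if __name__ == "__main__":
    hits, bad = unauthorized_vnc_flows(SAMPLE_LOG)
    for hit in hits:
        print(*hit)
    print(f"{len(bad)} malformed record(s) skipped")
```

Any "exposed" finding means a host outside the designated set reached the VNC service and the firewall rule set needs correcting.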
