Critical Vulnerability in Pharos Controls Mosaic Show Controller
A critical vulnerability (CVE-2026-2417) has been identified in the Pharos Controls Mosaic Show Controller firmware. The flaw is a Missing Authentication for Critical Function weakness (CWE-306) in firmware version 2.15.3: an unauthenticated attacker who can reach the device could bypass authentication and execute arbitrary commands with root privileges. The affected product is used in Critical Infrastructure Sectors, particularly Commercial Facilities, and is deployed worldwide. James Tully reported this vulnerability to CISA.
Affected Firmware Version
The Pharos Controls Mosaic Show Controller Firmware version 2.15.3 is specifically identified as affected. To mitigate this risk, Pharos Controls recommends that users upgrade Mosaic Show Controller to version 2.16 or later. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.
Defensive Measures
CISA recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. Organizations should minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Control system networks and remote devices should be located behind firewalls and isolated from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities of their own and should be kept updated to the most current version available.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Further mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper ICS-TIP-12-146-01B, Targeted Cyber Intrusion Detection and Mitigation Strategies.