top of page
perceptive_background_267k.jpg

Pharos Controls Mosaic Show Controller

Published:

24 maart 2026 om 12:00:00

Alert date:

24 maart 2026 om 17:03:37

Source:

cisa.gov

Click to open the original link from this advisory

Critical Infrastructure, Mobile & IoT

CISA published an advisory for CVE-2026-2417, a critical vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3. The vulnerability allows unauthenticated attackers to execute arbitrary commands with root privileges due to missing authentication for critical functions. The vulnerability has a CVSS score of 9.8 (Critical) and affects commercial facilities worldwide. Pharos Controls recommends upgrading to version 2.16 or later to mitigate the issue. The vulnerability was reported by James Tully to CISA. No known public exploitation has been reported at this time.

Technical details

Mitigation steps:

Affected products:

Pharos Controls Mosaic Show Controller

Related links:

https://www.cisa.gov/news-events/ics-advisories/icsa-26-083-01
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-083-01.json
https://www.cve.org/CVERecord?id=CVE-2026-2417
https://cwe.mitre.org/data/definitions/306.html
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
https://www.cisa.gov/notification
https://www.cisa.gov/privacy-policy

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page