---
title: "Critical Flaw in Pharos Mosaic Show Controller Allows Root Access"
short_title: "Pharos Mosaic Controller critical auth bypass flaw"
description: "CVE-2026-2417 in Pharos Controls Mosaic Show Controller enables unauthenticated attackers to execute commands with root privileges. Learn mitigation steps now."
author: "Vitus"
date: 2024-10-02
categories: [Cybersecurity, Vulnerabilities]
tags: [pharos-controls, cve-2026-2417, critical-vulnerability, ot-security, authentication-bypass]
score: 0.95
cve_ids: [CVE-2026-2417]
---
### TL;DR
A critical vulnerability (CVE-2026-2417) in Pharos Controls Mosaic Show Controller firmware version 2.15.3 allows unauthenticated attackers to bypass authentication and execute arbitrary commands with root privileges. Affected organizations are urged to upgrade to version 2.16 or later immediately to mitigate risks.
---
### Introduction
In a major security alert, Pharos Controls has disclosed a critical authentication bypass vulnerability in its Mosaic Show Controller, a widely used system for managing lighting and multimedia displays in commercial facilities worldwide. Tracked as CVE-2026-2417, this flaw could enable remote attackers to gain unrestricted root access to affected devices, posing severe risks to operational security.
---
### Key Points
- Critical Vulnerability: CVE-2026-2417 allows unauthenticated attackers to execute arbitrary commands with root privileges.
- Affected Version: Only Mosaic Show Controller Firmware 2.15.3 is confirmed vulnerable.
- Global Impact: Deployed across commercial facilities worldwide, including critical infrastructure sectors.
- CVSS Score: 9.8 (Critical), reflecting the severity of the flaw.
- Mitigation: Pharos Controls recommends upgrading to firmware version 2.16 or later immediately.
---
### Technical Details
#### Vulnerability Overview
CVE-2026-2417 is classified as a Missing Authentication for Critical Function vulnerability (CWE-306). The flaw stems from the absence of proper authentication mechanisms in the Mosaic Show Controller’s firmware, allowing attackers to bypass security controls and execute commands with elevated privileges.
#### Attack Vector
- Exploitation Method: Remote attackers can exploit this vulnerability by sending crafted requests to the affected device.
- Privilege Escalation: Successful exploitation grants root-level access, enabling full control over the device and potential lateral movement within the network.
- No User Interaction Required: The attack does not require authentication or user interaction, increasing its severity.
#### CVSS Metrics
| Metric | Value |
|----------------------|-----------------------------------------------------------------------|
| CVSS Version | 3.1 |
| Base Score | 9.8 (Critical) |
| Vector String | [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) |
| Impact | High (Confidentiality, Integrity, Availability) |
---
### Impact Assessment
#### Potential Consequences
- Unauthorized Access: Attackers can gain full control over affected devices, leading to data theft, sabotage, or disruption of operations.
- Lateral Movement: Compromised controllers could serve as entry points for further attacks on connected systems.
- Reputation Damage: Organizations failing to patch may face regulatory penalties, financial losses, and erosion of customer trust.
#### Affected Sectors
- Commercial Facilities: The primary sector at risk, including entertainment venues, retail spaces, and corporate buildings.
- Global Reach: Deployments span the globe, with a notable concentration in the United Kingdom.
---
### Mitigation Steps
Pharos Controls has released firmware version 2.16 to address this vulnerability. Organizations are advised to:
1. Upgrade Immediately: Apply the patch to all affected Mosaic Show Controller devices.
2. Network Segmentation: Isolate control system networks from business networks using firewalls.
3. Minimize Exposure: Ensure control systems are not accessible from the internet.
4. Secure Remote Access: Use VPNs for remote access, keeping them updated to the latest version.
5. Monitor for Threats: Implement intrusion detection systems (IDS) to identify suspicious activity.
For additional guidance, refer to CISA’s [recommended practices for control systems security](https://www.cisa.gov/ics).
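Step 1 presupposes an inventory of which controllers still run 2.15.3 and which of them are reachable from outside the control network (steps 2 and 3). The script below is an added example written for this article, not a Pharos Controls tool; it triages a constructed inventory, comparing firmware versions numerically rather than as strings (so 2.16 ranks above 2.15.3 and a hypothetical 2.9 does not), and orders the patch queue by exposure. It goes slightly beyond the advisory by also flagging builds older than 2.15.3 as "predates-fix" for verification with the vendor, since only 2.15.3 is confirmed affected.

```python
from dataclasses import dataclass

FIXED_VERSION = "2.16"           # first release containing the fix for CVE-2026-2417
CONFIRMED_VULNERABLE = "2.15.3"  # the only version the advisory confirms as affected

def parse_version(version: str) -> tuple:
    """'2.15.3' -> (2, 15, 3); numeric parts compare correctly where a string compare
    would rank '2.9' above '2.16', and padding makes '2.16' equal to '2.16.0'."""
    parts = tuple(int(p) for p in version.strip().split("."))
    return parts + (0,) * (3 - len(parts))

def classify(firmware: str) -> str:
    """'vulnerable' for the confirmed build, 'predates-fix' for anything else older
    than FIXED_VERSION (confirm with the vendor), 'fixed' otherwise."""
    if parse_version(firmware) == parse_version(CONFIRMED_VULNERABLE):
        return "vulnerable"
    if parse_version(firmware) < parse_version(FIXED_VERSION):
        return "predates-fix"
    return "fixed"

@dataclass
class Controller:
    hostname: str
    firmware: str
    internet_exposed: bool  # reachable from outside the control network (step 3)
    segmented: bool         # on an isolated control VLAN behind a firewall (step 2)

def triage(inventory: list) -> list:
    """Patch queue (priority, hostname, firmware, status) for controllers not on fixed
    firmware; lower priority first: internet-exposed, then unsegmented, then the rest."""
    queue = []
    for c in inventory:
        status = classify(c.firmware)
        if status == "fixed":
            continue
        priority = 0 if c.internet_exposed else 1 if not c.segmented else 2
        queue.append((priority, c.hostname, c.firmware, status))
    return sorted(queue)

# Constructed sample inventory: hostnames and versions are illustrative only.
SAMPLE_INVENTORY = [
    Controller("mosaic-lobby", "2.15.3", internet_exposed=True, segmented=False),
    Controller("mosaic-stage-a", "2.15.3", internet_exposed=False, segmented=True),
    Controller("mosaic-stage-b", "2.16", internet_exposed=False, segmented=True),
    Controller("mosaic-retail", "2.9", internet_exposed=False, segmented=False),
]

if __name__ == "__main__":
    for priority, host, fw, status in triage(SAMPLE_INVENTORY):
        print(f"P{priority} {host} ({fw}, {status}): upgrade to {FIXED_VERSION} or later")
```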
---
### Conclusion
CVE-2026-2417 represents a severe threat to organizations using Pharos Controls Mosaic Show Controller. With a CVSS score of 9.8, the vulnerability underscores the critical importance of proactive patch management and network security best practices. Affected users must upgrade to firmware version 2.16 or later without delay to prevent exploitation.
As of now, no public exploitation has been reported, but the risk remains high. Organizations are encouraged to stay vigilant, monitor for updates, and implement defensive measures to safeguard their infrastructure.