BetaIT-Hub is in early access — your feedback helps us improve. Use the chat or email [email protected]

News Vulnerability
VulnerabilityCISA·71d ago

Pharos Controls Mosaic Show Controller

p a href= https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-083-01.json strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary commands with root privileges. /strong /p p The following versions of Pharos Controls Mosaic Show Controller are affected: /p ul li Mosaic Show Controller Firmware 2.15.3 (CVE-2026-2417) /li /ul div class= csaf-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-tablesaw-minimap thead tr th role= columnheader data-tablesaw-priority= persist CVSS /th th role= columnheader Vendor /th th role= columnheader Equipment /th th role= columnheader Vulnerabilities /th /tr /thead tbody tr td v3 9.8 /td td Pharos Controls /td td Pharos Controls Mosaic Show Controller /td td Missing Authentication for Critical Function /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Commercial Facilities /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong United Kingdom /li /ul hr h2 Vulnerabilities /h2 div class= csaf-accordion p a class= csaf-accordion-toggle-all href= # Expand All + /a /p div class= csaf-accordion-item h3 a class= csaf-accordion-toggle href= # CVE-2026-2417 /a /h3 div class= csaf-accordion-content p A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges. /p p a href= https://www.cve.org/CVERecord?id=CVE-2026-2417 View CVE Details /a /p hr h4 Affected Products /h4 h5 Pharos Controls Mosaic Show Controller /h5 div class= ics-vendor-version-status div class= ics-vendor strong Vendor: /strong br Pharos Controls /div div class= ics-version strong Product Version: /strong br Pharos Controls Mosaic Show Controller Firmware: 2.15.3 /div div class= ics-status strong Product Status: /strong br known_affected /div /div div class= ics-remediations h6 Remediations /h6 p strong Mitigation /strong br Pharos Controls recommends that users upgrade Mosaic Show Controller to version 2.16 or later. /p /div p strong Relevant CWE: /strong a href= https://cwe.mitre.org/data/definitions/306.html CWE-306 Missing Authentication for Critical Function /a /p hr h4 Metrics /h4 div class= csaf-table csaf-metrics-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-tablesaw-minimap thead tr th role= columnheader data-tablesaw-priority= persist CVSS Version /th th role= columnheader Base Score /th th role= columnheader Base Severity /th th role= columnheader Vector String /th /tr /thead tbody tr td 3.1 /td td 9.8 /td td CRITICAL /td td a href= https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H /a /td /tr /tbody /tabl

Sign in to read the full article

Create a free account to access all news, downloads, and community features

Sign inCreate account

Originally published by CISA

Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-083-01

This article is shared for informational purposes. All rights belong to the original author and publisher. If you are the copyright holder and would like this content removed, please contact us.

Shared on IT-Hub by admin