Pharos Controls Mosaic Show Controller

Plan Patch | CVSS 9.8 | ICS-CERT ICSA-26-083-01 | Mar 24, 2026
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A missing authentication check in Pharos Controls Mosaic Show Controller firmware versions up to 2.15.3 allows an unauthenticated attacker to execute arbitrary commands with root privileges. The vulnerability exists because the controller does not properly validate user credentials before processing control commands. An attacker can exploit this without any special tools or knowledge of valid user accounts, gaining full system access.

What this means
What could happen
An unauthenticated attacker could execute arbitrary commands with root privileges on the Mosaic Show Controller, potentially altering show settings, stopping performances, or disabling safety interlocks in a live event venue.
Who's at risk
Event venues, theaters, concert halls, and production facilities that use Pharos Mosaic Show Controllers for lighting, rigging, and stage effect automation should prioritize this vulnerability. Any facility depending on this controller for safety interlocks or critical show operations is at risk.
How it could be exploited
An attacker on the network could send a specially crafted request to the Mosaic Show Controller without providing any credentials, exploiting the authentication bypass to execute arbitrary commands with root-level access to the system.
Prerequisites
  • Network access to the Mosaic Show Controller on its service port
  • No credentials required
Tags: remotely exploitable, no authentication required, low complexity, high CVSS score (9.8), affects safety systems
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (1)
Product: Mosaic Show Controller Firmware
Affected Versions: 2.15.3
Fix Status: 2.16+
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the Mosaic Show Controller to authorized personnel only; implement firewall rules to block inbound connections from untrusted networks
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Mosaic Show Controller firmware to version 2.16 or later
Long-term hardening
HARDENING: Place the Mosaic Show Controller on a segregated network segment isolated from business networks and the internet
HARDENING: If remote access to the controller is required, establish a VPN connection and keep VPN software updated to the latest version