PatchSiren cyber security CVE debrief
CVE-2026-2417 Pharos Controls CVE debrief
CVE-2026-2417 is a critical authentication-bypass issue affecting Pharos Controls Mosaic Show Controller firmware version 2.15.3. According to the CISA advisory published on 2026-03-24, an unauthenticated attacker could bypass authentication and execute arbitrary commands with root privileges. Pharos Controls recommends upgrading to Mosaic Show Controller version 2.16 or later. The provided enrichment does not indicate a KEV listing or known ransomware campaign use.
- Vendor: Pharos Controls
- Product: Mosaic Show Controller Firmware
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-24
- Original CVE updated: 2026-03-24
- Advisory published: 2026-03-24
- Advisory updated: 2026-03-24
Who should care
Organizations operating Pharos Controls Mosaic Show Controller firmware 2.15.3, especially teams responsible for OT/ICS environments, show-control deployments, device administration, and patch management.
Technical summary
The advisory describes a Missing Authentication for Critical Function weakness (CWE-306) in Mosaic Show Controller firmware 2.15.3. The supplied CVSS vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) describes a path that is reachable over the network, requires no privileges and no user interaction, and yields high confidentiality, integrity, and availability impact on the affected component. The practical result described by the source is unauthenticated execution of arbitrary commands with root privileges.
Defensive priority
Immediate. The issue is rated CVSS 9.8 Critical and the source indicates a direct path from unauthenticated access to root-level command execution. Upgrade as soon as operationally feasible.
Recommended defensive actions
- Upgrade Mosaic Show Controller to version 2.16 or later, as recommended by Pharos Controls.
- Inventory all deployments running firmware 2.15.3 and confirm exposure paths, especially any network-reachable management interfaces.
- Restrict administrative and management access to trusted networks only until remediation is complete.
- Monitor the management interfaces of affected systems for access from unexpected sources and for unexpected configuration changes or command execution. Because the weakness is missing authentication rather than weak authentication, a successful attack need not produce failed-login events, so network-level visibility into who reaches the management interface is more useful than authentication logs alone.
- Validate that backup and recovery procedures are available before applying firmware updates in operational environments.
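The inventory and prioritisation steps above can be scripted. The following is an added example, not code from the advisory or from Pharos Controls: it reads an asset inventory, compares firmware versions numerically (a plain string comparison would rank "2.9" above "2.16"), marks the build the advisory names as affected, flags other builds below the fixed version for vendor confirmation rather than asserting they are vulnerable, and raises the priority of any unit whose management interface is reachable from an untrusted network. The inventory rows, hostnames, zone names and the column layout are constructed for illustration.

```python
import csv
import io
from dataclasses import dataclass

# Facts taken from the advisory: the affected build and the first fixed build.
AFFECTED_VERSIONS = {"2.15.3"}
FIXED_VERSION = "2.16"
PRODUCT = "Mosaic Show Controller"

# Constructed sample inventory (hostnames, versions and zones are invented for illustration).
SAMPLE_INVENTORY = """\
hostname,product,firmware,mgmt_zone
msc-stage-01,Mosaic Show Controller,2.15.3,corp-lan
msc-stage-02,Mosaic Show Controller,2.16,ot-mgmt
msc-foyer-01,Mosaic Show Controller,2.9,internet-exposed
msc-studio-03,Mosaic Show Controller,2.16.1,ot-mgmt
lx-desk-01,Other Lighting Desk,1.0.4,corp-lan
"""


def parse_version(s: str) -> tuple:
    """Turn '2.15.3' into (2, 15, 3) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in s.strip().split("."))


@dataclass
class Finding:
    hostname: str
    firmware: str
    status: str      # "affected", "review" or "fixed"
    priority: int    # 1 = act now, 2 = confirm, 3 = informational
    note: str


def triage(inventory_csv: str) -> list:
    """Classify each Mosaic Show Controller row and return findings ordered by priority."""
    findings = []
    fixed = parse_version(FIXED_VERSION)
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"] != PRODUCT:
            continue  # other products are out of scope for this advisory
        fw = row["firmware"]
        if fw in AFFECTED_VERSIONS:
            status, priority = "affected", 1
            note = "firmware named as affected by the advisory; upgrade to %s or later" % FIXED_VERSION
        elif parse_version(fw) < fixed:
            status, priority = "review", 2
            note = "below the fixed version but not named in the advisory; confirm status with vendor"
        else:
            status, priority = "fixed", 3
            note = "at or above %s" % FIXED_VERSION
        # An unremediated unit reachable from an untrusted network goes to the top of the list:
        # restrict management access before the upgrade window, not after.
        if status != "fixed" and row["mgmt_zone"] == "internet-exposed":
            priority = 1
            note += "; management interface exposed, restrict access to trusted networks first"
        findings.append(Finding(row["hostname"], fw, status, priority, note))
    findings.sort(key=lambda f: (f.priority, f.hostname))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print("P%d %-14s %-7s %-9s %s" % (f.priority, f.hostname, f.firmware, f.status, f.note))
```

The split between "affected" and "review" is deliberate: the advisory names 2.15.3, and this debrief does not claim other builds are vulnerable, so older builds are queued for confirmation rather than reported as exploitable.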
Evidence notes
All claims in this debrief are drawn from the supplied CISA CSAF advisory data and the provided CVE metadata. The source states: missing authentication for critical function in Pharos Controls Mosaic Show Controller firmware 2.15.3, unauthenticated attacker, arbitrary commands, and root privileges. The remediation listed by the source is upgrade to version 2.16 or later. The advisory publication date used here is 2026-03-24, matching the supplied CVE and source timestamps. No KEV listing is indicated in the provided enrichment.
Official resources
- CVE-2026-2417 CVE record (CVE.org)
- CVE-2026-2417 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA published the advisory and CVE record on 2026-03-24. The provided data does not indicate a KEV listing or a known ransomware campaign association.