Missing Authentication for Critical Function in Pharos Controls Mosaic Show...

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges.

Basic Information

ID CVE-2026-2417

Source icscert

Published Mar 24, 2026 at 18:06

Modified Mar 24, 2026 at 18:38

Affected Product

Vendor Pharos Controls

Product Mosaic Show Controller

Version 2.15.3

Affected Versions Pharos Controls Mosaic Show Controller 2.15.3

CWE Classification

CWE-306

References

www.cisa.gov /news-events/ics-advisories/icsa-26-083-01

{
    "lastseen": "",
    "description": "A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges.",
    "published": "2026-03-24T18:06:32.303Z",
    "modified": "2026-03-24T18:38:05.206Z",
    "type": "cve",
    "title": "Missing Authentication for Critical Function in Pharos Controls Mosaic Show Controller",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-083-01",
    "id": "CVE-2026-2417",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "Pharos Controls Mosaic Show Controller 2.15.3",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Mosaic Show Controller",
    "version": "2.15.3",
    "vendor": "Pharos Controls",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Missing Authentication for Critical Function in Pharos Controls Mosaic Show Controller_CVE-2026-2417