Description
A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges.
Published: 2026-03-24
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A missing authentication check in the critical command interface of Pharos Controls Mosaic Show Controller firmware 2.15.3 permits an attacker to execute arbitrary commands with root privileges. This flaw originates from CWE‑306, enabling a compromise of confidentiality, integrity, and availability by allowing an unauthenticated attacker to gain full system control.

Affected Systems

Pharos Controls Mosaic Show Controller, firmware version 2.15.3.

Risk and Exploitability

The CVSS score of 9.3 indicates a high severity vulnerability. EPSS data is not available and the flaw is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is a remote network connection that exploits the unauthenticated command interface; the attacker need not authenticate, allowing direct execution of arbitrary commands.

Generated by OpenCVE AI on March 24, 2026 at 19:23 UTC.

Remediation

Vendor Solution

Pharos Controls recommends that users upgrade Mosaic Show Controller to version 2.16 or later.

OpenCVE Recommended Actions

  • Upgrade Mosaic Show Controller to version 2.16 or newer as recommended by Pharos Controls.

Generated by OpenCVE AI on March 24, 2026 at 19:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Pharos Controls
Pharos Controls mosaic Show Controller
Vendors & Products Pharos Controls
Pharos Controls mosaic Show Controller

Tue, 24 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 24 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
Description A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges.
Title Missing Authentication for Critical Function in Pharos Controls Mosaic Show Controller
Weaknesses CWE-306
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Pharos Controls Mosaic Show Controller
cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-03-24T18:38:05.206Z

Reserved: 2026-02-12T17:31:30.834Z

Link: CVE-2026-2417

cve-icon Vulnrichment

Updated: 2026-03-24T18:38:02.468Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-24T19:16:51.410

Modified: 2026-03-25T15:41:58.280

Link: CVE-2026-2417

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T20:49:32Z

Weaknesses