Critical Vulnerabilities Found in Pharos Controls Mosaic Show Controller

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory warning about critical vulnerabilities discovered in Pharos Controls Mosaic Show Controller, a widely-used system for managing theatrical lighting, audio, and visual effects in entertainment venues.

The Mosaic Show Controller, manufactured by Pharos Controls, is deployed in theaters, concert halls, and event spaces worldwide to coordinate complex multimedia presentations. Security researchers found multiple flaws that could allow attackers to gain unauthorized access to these systems.

According to the CISA alert, the vulnerabilities include improper authentication mechanisms that could permit remote attackers to bypass security controls and execute arbitrary commands on affected devices. The flaws affect various versions of the Mosaic Show Controller software and firmware.

Theater operators and venue managers are strongly advised to check their systems against the affected versions listed in the CISA advisory. The agency recommends immediate patching or applying available mitigations to prevent potential exploitation.

Pharos Controls has released security updates to address the identified vulnerabilities. Users should contact the company's support team or visit their official website for the latest firmware and software patches.

This discovery highlights the growing concern about cybersecurity in operational technology and industrial control systems used in entertainment and public venues. As these systems become increasingly networked and connected to the internet, they face similar security challenges as traditional IT infrastructure.

CISA continues to monitor the situation and will provide updates as new information becomes available. Organizations operating Mosaic Show Controller systems should review their security posture and implement the recommended protections without delay.