THREAT INTELLIGENCE

Multiple ICS Flaws in Pharos and Schneider Electric Systems

Affected Environment
Pharos Mosaic Show Controller, Schneider EcoStruxure Foxboro DCS, and Plant iT/Brewmaxx 9.60+ are affected. These systems are typically used in industrial control and process environments.

Threat Overview
Unauthenticated root commands, unsafe deserialization, and Redis flaws may allow remote code execution. Impacts include loss of confidentiality, integrity, availability, and possible unauthorized system control.

Exposure Timeline
Vulnerabilities are documented in CISA ICS advisories ICSA-26-083-01, -02, and -03 dated 2026. Smarttech247 issued this threat report on 25 March 2026 for timely enterprise review.

Attack Surface
Exposure exists on Mosaic controllers, Foxboro DCS workstations, and Plant iT/Brewmaxx Redis components. Risk increases where systems are network-accessible, use removable media, or accept external project files.

Technical Root Cause
Pharos Mosaic lacks authentication for a critical function, enabling root-level command execution. Foxboro uses unsafe deserialization; Plant iT/Brewmaxx relies on vulnerable Redis Lua handling.

Exploitation Pathway
Pharos can be attacked remotely by unauthenticated actors sending crafted commands to the controller. Foxboro requires an authenticated admin to open a malicious project file; Plant iT/Brewmaxx is exploited through authenticated Redis Lua scripting.

Operational Impact
Attackers may run code, alter configurations, crash services, or cause denial of service on control systems. This can disrupt industrial processes and compromise reliability of plant operations.

Strategic Impact
Compromise of these ICS assets can undermine safety, regulatory compliance, and production continuity. Loss of control over critical processes may have wider business and sector implications.

Required Mitigation
Upgrade Mosaic to firmware 2.16+, Foxboro DCS to CS 8.1, and apply ProLeiT-2025-001 for Plant iT/Brewmaxx. Then disable risky Redis eval commands, enforce secure configs, and reboot affected systems.
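
To verify the Redis part of this mitigation, the following added example (not taken from the report or the vendor advisories) audits a `redis.conf` and lists which users can still reach the Lua entry points. It assumes the "risky eval commands" are `EVAL` and `EVALSHA`; the function names and the sample configuration are constructed for illustration, and the ACL model is simplified as noted in the comments.

```python
import shlex

LUA_CMDS = ("eval", "evalsha")  # assumption: the Lua entry points to disable

# Constructed sample configuration, not taken from any advisory.
SAMPLE_CONF = '''
rename-command EVALSHA ""
user default on >example-only ~* +@all -@scripting
user batch on >example-only ~* +@read +eval
user legacy off ~* +@all
'''

def parse_conf(text):
    """Yield (directive, args) pairs from redis.conf text, skipping comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            parts = shlex.split(line)  # keeps "" as an empty argument
            yield parts[0].lower(), parts[1:]

def apply_acl(rules):
    """Apply ACL rules left to right; users in redis.conf start off, no commands.
    Simplification: any +@category is treated as possibly granting Lua access."""
    enabled, can = False, dict.fromkeys(LUA_CMDS, False)
    for rule in (r.lower() for r in rules):
        if rule in ("on", "off"):
            enabled = rule == "on"
        elif rule == "reset":
            enabled, can = False, dict.fromkeys(LUA_CMDS, False)
        elif rule == "allcommands" or rule.startswith("+@"):
            can = dict.fromkeys(LUA_CMDS, True)
        elif rule in ("nocommands", "-@all", "-@scripting"):
            can = dict.fromkeys(LUA_CMDS, False)
        elif rule[:1] in ("+", "-") and rule[1:] in LUA_CMDS:
            can[rule[1:]] = rule[0] == "+"
    return enabled, can

def lua_exposure(conf_text):
    """Return {command: [enabled users still able to run it]}."""
    removed, users = set(), {}
    for directive, args in parse_conf(conf_text):
        if directive == "rename-command" and len(args) == 2 and args[1] == "":
            removed.add(args[0].lower())  # renamed to "" means disabled
        elif directive == "user" and args:
            users[args[0]] = apply_acl(args[1:])
    # Without an explicit "user default" line, default is on with +@all.
    users.setdefault("default", (True, dict.fromkeys(LUA_CMDS, True)))
    return {cmd: [] if cmd in removed else
            sorted(u for u, (on, can) in users.items() if on and can[cmd])
            for cmd in LUA_CMDS}

if __name__ == "__main__":
    print(lua_exposure(SAMPLE_CONF))
```

An empty list for every command means the configuration file itself no longer exposes Lua scripting; users defined in an external `aclfile` are not covered and need the same review.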

Incident Response Guidance
Check asset inventory against affected versions and review Redis, DCS, and Mosaic logs for anomalies. If compromise is suspected, isolate impacted systems, remove network exposure, and coordinate vendor support.

References
Use CISA advisories ICSA-26-083-01, -02, and -03 for full technical details and vendor guidance. Track CVEs 2026-2417, 2026-1286, 2025-49844, 46817, 46818, and 46819 in your vulnerability management.
