Critical Vulnerabilities in Daktronics Controller Firmware Threaten Industrial Systems
Executive Summary
In June 2026, multiple critical vulnerabilities were identified in Daktronics Controller Firmware, affecting versions of VFC-DMP-5000, DMP-5000, and DMP-8000. These vulnerabilities include path traversal (CVE-2026-28701), unrestricted file upload (CVE-2026-33560), and hard-coded credentials (CVE-2026-31928). Exploitation could grant unauthenticated users root-level access, compromising system integrity and control. (daktronics.com)
The discovery underscores the persistent risks in industrial control systems, emphasizing the need for timely firmware updates and robust security practices to mitigate potential threats.
Why This Matters Now
The vulnerabilities in Daktronics Controller Firmware highlight the critical importance of securing industrial control systems against unauthorized access and potential exploitation, especially as such systems are integral to various critical infrastructure sectors.
Attack Path Analysis
An attacker exploits hard-coded credentials to gain unauthorized access to the Daktronics Controller Firmware. They escalate privileges to root level by exploiting the unrestricted file upload vulnerability. The attacker moves laterally within the network by leveraging the path traversal vulnerability to access sensitive files. They establish command and control by deploying malicious scripts through the compromised firmware. Data exfiltration occurs as the attacker transfers sensitive information to an external server. The impact includes potential disruption of critical infrastructure services and unauthorized access to sensitive data.
Kill Chain Progression
Initial Compromise
Description
An attacker exploits hard-coded credentials to gain unauthorized access to the Daktronics Controller Firmware.
Related CVEs
CVE-2026-28701
CVSS 7.7Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths.
Affected Products:
Daktronics VFC-DMP-5000 – <v8.117.x.x, <v9.43.x.x, <v10.34.x.x
Daktronics DMP-5000 – <v8.117.x.x, <v9.43.x.x, <v10.34.x.x
Daktronics DMP-8000 – <v8.117.x.x, <v9.43.x.x, <v10.34.x.x
Exploit Status:
no public exploitCVE-2026-33560
CVSS 7.1The DMP-5000 file service exposes authenticated arbitrary file upload functionality, allowing users to upload files of any type without validation.
Affected Products:
Daktronics VFC-DMP-5000 – <v8.117.x.x, <v9.43.x.x, <v10.34.x.x
Daktronics DMP-5000 – <v8.117.x.x, <v9.43.x.x, <v10.34.x.x
Daktronics DMP-8000 – <v8.117.x.x, <v9.43.x.x, <v10.34.x.x
Exploit Status:
no public exploitCVE-2026-31928
CVSS 8.1The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation.
Affected Products:
Daktronics VFC-DMP-5000 – <v8.117.x.x, <v9.43.x.x, <v10.34.x.x
Daktronics DMP-5000 – <v8.117.x.x, <v9.43.x.x, <v10.34.x.x
Daktronics DMP-8000 – <v8.117.x.x, <v9.43.x.x, <v10.34.x.x
Exploit Status:
no public exploit
MITRE ATT&CK® Techniques
Valid Accounts
Ingress Tool Transfer
Exploitation for Client Execution
Application Layer Protocol
Taint Shared Content
External Remote Services
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Secure Authentication
Control ID: 8.2.3
NYDFS 23 NYCRR 500 – Access Privileges
Control ID: 500.07
DORA – ICT Risk Management
Control ID: Article 6
CISA ZTMM 2.0 – Identity and Access Management
Control ID: 3.1
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Sports
Daktronics displays in stadiums face critical vulnerabilities allowing unauthenticated root access, threatening game operations and spectator safety systems.
Entertainment/Movie Production
Digital signage controllers with hardcoded credentials and file upload vulnerabilities expose venue operations to complete system compromise and disruption.
Transportation
Transportation hubs using Daktronics displays vulnerable to path traversal and arbitrary file upload attacks, compromising passenger information and safety systems.
Government Administration
Public facility digital displays with critical ICS vulnerabilities enable attackers to gain complete control, threatening emergency communications and operations.
Sources
- Daktronics Controller Firmwarehttps://www.cisa.gov/news-events/ics-advisories/icsa-26-176-04Verified
Frequently Asked Questions
Cloud Native Security Fabric Mitigations and ControlsCNSF
Aviatrix Zero Trust CNSF is pertinent to this incident as it would likely limit the attacker's ability to move laterally and exfiltrate data by enforcing strict segmentation and controlled egress policies.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The attacker's initial access may be constrained by identity-based policies that limit unauthorized access to critical systems.
Control: Zero Trust Segmentation
Mitigation: Privilege escalation attempts could be limited by enforcing strict segmentation policies that isolate workloads and restrict unauthorized privilege gains.
Control: East-West Traffic Security
Mitigation: Lateral movement may be restricted by monitoring and controlling east-west traffic, thereby limiting unauthorized access to adjacent systems.
Control: Multicloud Visibility & Control
Mitigation: Command and control channels could be detected and disrupted by providing comprehensive visibility and control over multicloud environments.
Control: Egress Security & Policy Enforcement
Mitigation: Data exfiltration attempts may be blocked by enforcing strict egress policies that control outbound data flows.
The overall impact could be mitigated by reducing the attacker's ability to disrupt services and access sensitive data through comprehensive security controls.
Impact at a Glance
Affected Business Functions
- Display Control Systems
- Scoreboard Operations
- Digital Signage Management
Estimated downtime: 3 days
Estimated loss: $50,000
Potential exposure of system configurations and operational data.
Recommended Actions
Key Takeaways & Next Steps
- • Implement Zero Trust Segmentation to restrict access and limit lateral movement within the network.
- • Enforce strong, unique credentials and eliminate hard-coded passwords to prevent unauthorized access.
- • Deploy Inline IPS (Suricata) to detect and block malicious file uploads and path traversal attempts.
- • Utilize Threat Detection & Anomaly Response systems to monitor for and respond to suspicious activities.
- • Regularly update and patch firmware to mitigate known vulnerabilities and reduce the attack surface.
