That’s a wrap for Pwn2Own Miami 2023!
Congratulations to the Masters of Pwn – Claroty! Uri Katz and Noam Moshe of Team82 dominated the competition, succeeding at all 10 of their attempts and earning a total of $98,500 + the $25,000 winner’s bonus.
We’re already looking forward to Pwn2Own Vancouver next month – follow us on Twitter, YouTube, Mastodon, LinkedIn, and Instagram to stay updated!
Welcome to Day 3 of Pwn2Own Miami 2023. We’ll be updating this blog in real time as results become available. For this year’s event, each round will receive the full payout for unique entries.
All results current as of 1300 Eastern (GMT -5)
SUCCESS – Claroty used a resource exhaustion in their DoS attack against the Prosys OPC UA Simulation Server. They earn $5,000 and 5 Master of Pwn points.
SUCCESS – Axel Souchet used a null pointer deref to execute his DoS attack against the Unified Automation UaGateway. He earns $5,000 and 5 Master of Pwn points.
SUCCESS / COLLISION – Claroty was able to execute their RCE attack against the Softing Secure Integration Server. However, one of the bugs in the exploit they used was previously known. They still earn $18,500 and 18.5 Master of Pwn points.
FAILURE – shuffle2 was unable to get their RCE exploit of the PTC KepServerEx working within the time allotted.
Written by admin
NEWS
-
How AI Is Personalizing Customer Service Experiences Across Industries
September 7, 2024Customer service departments across industries are facing increased call volumes, high customer service agent turnover, talent shortages and shifting customer expectations. Customers expect both self-help options and real-time, person-to-person support. These expectations for seamless, personalized experiences extend across digital communication... -
ZDI-24-1195: Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability
September 6, 2024This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a... -
ZDI-24-1193: Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
September 6, 2024This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI...