Welcome to the final day of the first ever Pwn2Own Automotive! We’re already over $1 million in prizes awarded, and today’s attempts will keep the wins going. We’ll be updating this blog as well as social media with results in real time. All times are in Japan Standard Time (GMT +9).
SUCCESS – Computest Sector 7 used a 2-bug chain to exploit the ChargePoint Home Flex. They earn $30,000 and 6 Master of Pwn Points.
FAILURE – Connor Ford was not able to get his exploit of the Phoenix Contact CHARX SEC-3100 working in the time allotted.
SUCCESS – Synacktiv exploited the Sony XAV-AX5500. They earn $20,000 and 4 Master of Pwn Points.
FAILURE – Katsuhiko Sato was not able to get his exploit of the Pioneer DMH-WT7600NEX working in the time allotted.
SUCCESS – Sina Kheirkhah used a 2-bug chain to exploit the Ubiquiti Connect EV. He earns $30,000 and 6 Master of Pwn Points.
SUCCESS / BUG COLLISION – fuzzware.io used a 2-bug chain to exploit the Phoenix Contact CHARX SEC-3100. However, one of the bugs was previously known. They still earn $22,500 and 4.5 Master of Pwn Points.
SUCCESS – Connor Ford of Nettitude used a stack-based buffer overflow in his exploit of the JuiceBox 40 Smart EV Charging Station. He earns $30,000 and 6 Master of Pwn Points.
SUCCESS / BUG COLLISION – Team Cluck used a 4-bug chain to exploit the Phoenix Contact CHARX SEC-3100. However, one of the bugs was previously known. They still earn $26,250 and 5.25 Master of Pwn Points.
SUCCESS – fuzzware.io used a buffer overflow to exploit the EMPORIA EV Charger Level 2. They earn $60,000 and 6 Master of Pwn Points.
The first ever Pwn2Own Automotive is in the books! We awarded $1,323,750 throughout the event and discovered 49 unique zero-days. A special congratulations to Synacktiv, the Masters of Pwn! Stay with us here and across social media as we prepare for Pwn2Own Vancouver in March!
Written by admin