"Hackers Earn $180,000 for ICS Exploits at Pwn2Own Miami 2023"

White hat hackers recently received a total of $180,000 at the Pwn2Own Miami 2023 hacking contest for exploits targeting widely used industrial control system (ICS) products.  At the ICS edition of Pwn2Own, hackers were invited to demonstrate exploits against OPC UA, data gateway, and edge products made by Aveva, Inductive Automation, ProSys, PTC, Softing Industrial Automation, Triangle MicroWorks, and Unified Automation.  Prizes ranged between $5,000 and $40,000 per exploit chain, but none of the participants earned more than $20,000 for a single exploit.   Researchers received $20,000 for remote code execution exploits targeting Triangle Microworks SCADA Data Gateway, Inductive Automation Ignition, and Softing EdgeAggregator Siemens.  A majority of entries demonstrated DoS attacks and earned participants $5,000.  The team from industrial cybersecurity firm Claroty was declared the winner, earning $98,500 for its exploits and an additional $25,000 representing the winner’s bonus.  Exploits earned participants nearly $155,000, excluding the winner’s bonus.  In comparison, at last year’s ICS Pwn2Own, white hat hackers took home a total of $400,000 for more than two dozen unique exploits.  Vulnerabilities demonstrated at Pwn2Own are reported to the vendors whose products they impact. 

SecurityWeek reports: "Hackers Earn $180,000 for ICS Exploits at Pwn2Own Miami 2023"