Pwn2Own Miami 2022 Schedule
April 18, 2022 | Dustin Childs¡Bienvenidos de nuevo a Miami!
Welcome to Pwn2Own Miami 2022! This year’s ICS-focused event promises to be three days of great research and exploits, as we have 32 total entries from 11 contestants. As always, we began our contest with a random drawing to determine the order of attempts. If you missed it, you can watch the replay here.
The complete schedule for the contest is below (all times Eastern [GMT -4:00]).
Note: All times subject to change - You can see the results and live updates here once they become available. Entries marked with a 📷 icon will be live streamed on YouTube, Twitch, and Twitter.
Tuesday, April 19
09:30 - 20urdjk targeting Unified Automation C++ Demo Server with a DoS in the OPC UA Server category
10:30 - @_s_n_t from @pentestltd targeting Inductive Automation Ignition with an RCE in the Control Server category
📷 11:30 - Incite Team of Steven Seeley (@steventseeley) and Chris Anastasio (@mufinnnnnnn) targeting Iconics Genesis64 with an RCE in the Control Server category
11:30: Or Peles, Omer Kaspi and Uriya Yavnieli from JFrog Security Research targeting the Unified Automation C++ Demo Server with a DoS in the OPC UA Server category
13:00 - Flashback Team of Pedro Ribeiro (@pedrib1337) and Radek Domanski (@RabbitPro) targeting AVEVA Edge with an RCE in the Human Machine Interface category
13:00 - Daan Keuper (@daankeuper) and Thijs Alkemade (@xnyhps) from Computest Sector 7 (@sector7_nl) targeting Inductive Automation Ignition with an RCE in the Control Server category
📷 14:00 - Axel '0vercl0k' Souchet of https://doar-e.github.io targeting Iconics Genesis64 with an RCE in the Control Server category
14:00 - Claroty Research targeting the Prosys OPC UA SDK for Java with a DoS in the OPC UA Server category
15:00 - Daan Keuper (@daankeuper) and Thijs Alkemade (@xnyhps) from Computest Sector 7 (@sector7_nl) targeting AVEVA Edge with an RCE in the Human Machine Interface category
15:00 - 20urdjk targeting Inductive Automation Ignition with an RCE in the Control Server category
16:00 - Incite Team of Steven Seeley (@steventseeley) and Chris Anastasio (@mufinnnnnnn) targeting Triangle Microworks SCADA Data Gateway with an RCE in the Data Gateway category
16:00 - Claroty Research (@claroty) targeting Iconics Genesis64 with an RCE in the Control Server category
📷 17:00 - Flashback Team of Pedro Ribeiro (@pedrib1337) and Radek Domanski (@RabbitPro) targeting Inductive Automation Ignition with an RCE in the Control Server category
18:00 - Claroty Research (@claroty) targeting the OPC Foundation OPC UA .NET Standard with a DoS in the OPC UA Server category
18:00 - Daan Keuper (@daankeuper) and Thijs Alkemade (@xnyhps) from Computest Sector 7 (@sector7_nl) targeting Iconics Genesis64 with an RCE in the Control Server category
19:00 - Incite Team of Steven Seeley (@steventseeley) and Chris Anastasio (@mufinnnnnnn) targeting AVEVA Edge with an RCE in the Human Machine Interface category
Wednesday, April 20
09:30 - Daan Keuper (@daankeuper) and Thijs Alkemade (@xnyhps) from Computest Sector 7 (@sector7_nl) targeting the Unified Automation C++ Demo Server with a DoS in the OPC UA Server category
10:30 - Piotr Bazydło (@chudyPB) targeting Inductive Automation Ignition with an RCE in the Control Server category
11:30 - Or Peles, Omer Kaspi and Uriya Yavnieli from JFrog Security Research targeting the OPC Foundation OPC UA .NET Standard with an DoS in the OPC UA Server category
11:30 - Ben McBride (@bdmcbri) targeting Iconics Genesis64 with an RCE in the Control Server category
12:30 - Incite Team of Steven Seeley (@steventseeley) and Chris Anastasio (@mufinnnnnnn) targeting Inductive Automation Ignition with an RCE in the Control Server category
12:30 - Claroty Research (@claroty) targeting AVEVA Edge with an RCE in the Human Machine Interface category
📷 13:30 - Daan Keuper (@daankeuper) and Thijs Alkemade (@xnyhps) from Computest Sector 7 (@sector7_nl) targeting the OPC Foundation OPC UA .NET Standard with a Bypass of the Trusted Application Check in the OPC UA Server category
13:30 - Piotr Bazydło (@chudypb) targeting Iconics Genesis64 with an RCE in the Control Server category
14:30 - Christopher Hernandez targeting AVEVA Edge with an RCE in the Human Machine Interface category
15:30 - Claroty Research (@claroty) targeting Unified Automation C++ Demo Server with a DoS in the OPC UA Server category
15:30 - Flashback Team of Pedro Ribeiro (@pedrib1337) and Radek Domanski (@RabbitPro) targeting Iconics Genesis64 with an RCE in the Control Server category
16:30 - Piotr Bazydło (@chudypb) targeting AVEVA Edge with an RCE in the Human Machine Interface category
📷 17:20 - Claroty Research (@claroty) targeting Kepware KEPServerEx with an RCE in the Data Gateway category
Thursday, April 21
09:30 - Incite Team of Steven Seeley (@steventseeley) and Chris Anastasio (@mufinnnnnnn) targeting Softing Secure Integration Server with an RCE in the OPC UA Server category
10:30 - Flashback Team of Pedro Ribeiro (@pedrib1337) and Radek Domanski (@RabbitPro) targeting Softing Secure Integration Server with an RCE in the OPC UA Server category
11:30 - Claroty Research (@claroty) targeting the Softing Secure Integration Server with a DoS in the OPC UA Server category
We’ll be posting updates on our Twitter page, and look for live video updates on Twitter as well. We wish all contestants good luck, and may all your exploits be unique and effective.