White hat hackers received a total of $180,000 at the Pwn2Own Miami 2023 hacking contest this week for exploits targeting widely used industrial control system (ICS) products.
At the ICS edition of Pwn2Own, hackers have been invited to demonstrate exploits against OPC UA, data gateway and edge products made by Aveva, Inductive Automation, ProSys, PTC, Softing Industrial Automation, Triangle MicroWorks, and Unified Automation.
Prizes ranged between $5,000 and $40,000 per exploit chain, but none of the participants has earned more than $20,000 for a single exploit.
Researchers received $20,000 for remote code execution exploits targeting Triangle Microworks SCADA Data Gateway, Inductive Automation Ignition, and Softing EdgeAggregator Siemens. A majority of entries demonstrated DoS attacks and earned participants $5,000.
The team from industrial cybersecurity firm Claroty was declared the winner, earning $98,500 for its exploits and an additional $25,000 representing the winner’s bonus.
The exploits — excluding the winner’s bonus — earned participants nearly $155,000. In comparison, at last year’s ICS Pwn2Own, white hat hackers took home a total of $400,000 for more than two dozen unique exploits.
Vulnerabilities demonstrated at Pwn2Own are reported to the vendors whose products they impact.
Related: Details Disclosed for OPC UA Vulnerabilities Exploited at ICS Hacking Competition
Related: Tesla Returns as Pwn2Own Hacker Takeover Target
Related: Device Exploits Earn Hackers Nearly $1 Million at Pwn2Own Toronto 2022