"FAILURE - Autocrypt - Hoyong Jin, Jaewoo Jeong, Chanhyeok Jung, Minsoo Son, and Kisang Choi - targeted the Grizzl‑E Smart 40A with the Charging Connector Protocol/Signal Manipulation add‑on but were unable to demonstrate the vulnerability within the allotted time."
"SUCCESS - Julien COHEN‑SCALI of FuzzingLabs (@FuzzingLabs) targeted the Phoenix Contact CHARX SEC‑3150, chaining two vulnerabilities - an authentication bypass and privilege escalation - to earn $20,000 USD and 4 Master of Pwn points."
Autocrypt researchers Hoyong Jin, Jaewoo Jeong, Chanhyeok Jung, Minsoo Son, and Kisang Choi targeted the Grizzl‑E Smart 40A with the Charging Connector Protocol/Signal Manipulation add‑on but were unable to demonstrate the vulnerability within the allotted time. Julien COHEN‑SCALI of FuzzingLabs targeted the Phoenix Contact CHARX SEC‑3150 and chained two vulnerabilities: an authentication bypass followed by a privilege escalation. The exploit chain earned $20,000 USD and 4 Master of Pwn points. The successful chain shows how combining bypass and escalation produces significant impact. The failed attempt underscores time constraints and complexity in hardware protocol manipulation testing.
Read at Zero Day Initiative
Unable to calculate read time
Collection
[
|
...
]