Cognite Dev Blog: Pwn2Own or Not2Pwn, Part 3: The lazy man’s escalation

  • 27 March 2021
  • 0 replies
  • 30 views

Userlevel 4

By Cim Stordal March 1, 2021
 

Welcome back to our Pwn2Own or Not2Pwn series about our Schneider Electric EcoStruxure Operator Terminal Expert exploit attempt. To catch you up: In part 1, we gave an overview of the full chain. In part 2, we detailed the initial code execution exploit, and in part 2.5, we offered an additional set of vulnerabilities that can be used for code execution. In this final entry in the series, we’ll detail how to escalate privileges into system-level privileges.

Read the full story


0 replies

Be the first to reply!

Reply