gabardine hat hack make a totality of $ 280,000 for the tap they evidence in January ’s Pwn2Own contest at the Zero Day Initiative , include $ 80,000 for exposure get hold in the Genesis64 HMI / SCADA production from ICONICS . The research worker who successfully whoop the ICONICS mathematical product were Flashback team up ’s Pedro Ribeiro and Radek Domanski ; Horst Goertz Institute for IT - Security ‘s Tobias Scharnowski , Niklas Breitfeld , and Ali Abbasi ; Yehuda Anikster of Claroty ; and Incite team ’s Steven Seeley and Chris Anastasio . They account to ICONICS five decisive and heights - badness exposure , admit those that admit a remote aggressor to do arbitrary cypher and to launch self-renunciation - of – table service ( DoS ) flak by institutionalize particularly craft packet to the point scheme . One vulnerability could grant the instruction execution of arbitrary SQL mastery by an assailant . Genesis64 , Hyper Historian , AnalytiX , MobileHMI , Genesis32 and BizViz cause fault . Mitsubishi ’s MC Works64 and MC Works32 SCADA lotion have likewise been find to take the Saami vulnerability . The U.S. has bring out fork advisory for the stirred product ICONICS and Mitsubishi . Security Agency for Cybersecurity and Infrastructure ( CISA ) , and seller . ZDI has narrate SecurityWeek that advisory for the ICONICS vulnerability scupper at Pwn2Own Miami will be exhaust before long . Claroty , an industrial cybersecurity unwaveringly , light upon CVE-2020 - 12015 , a hemipterous insect to deserialize that can be used for DOS assault . This was one of five tap that the team at Pwn2Own attest — the early flaw impress mathematical product from assorted seller . “ The ICONICS Genesis64 programme is a human being - simple machine user interface ( HMI ) inspection and repair that enable several different ‘ patronise flooring ’ twist to be connected and monitor . This scheme can be used to tag and contend forcible work in diverse upright of the mechanization public . This stand for that disenable the summons through a come onslaught will destruct the ability to mastery the mental process and stimulate it to be close down , ” Nadav order . “ A Remote Code Execution ( RCE ) round on such a overhaul might earmark the attacker to modify the prize verify by the engineer , thus besides adventure the certificate of the surgery . No hallmark was needful for all reported vulnerability , thusly an attacker with network get at could effort them and attempt the Robert William Service , ” Erez clarify .