Ripple20
Ripple20 is a series of 19 vulnerabilities and security issues found and reported last month by researchers at JSOF.
I was part of the team researching these issues, focusing especially on the exploitation of CVE-2020-11901 on a Schneider UPS device.
This vulnerability gives an attacker a controlled heap overflow primitive that leads to remote code execution with arbitrary payloads. Read more about this vulnerability and its exploitation in the white paper.
Press & Links
- Hacking the Supply Chain - Presentations:
- Wired article.
- Security Now podcast Ripple20 episode.
- …