Ripple20

Ripple20 is a series of 19 vulnerabilities and security issues found and reported last month by researchers at JSOF.

I was part of the team researching these issues, focusing especially on the exploitation of CVE-2020-11901 on a Schneider UPS device.

This vulnerability provides an attacker with a controlled heap overflow primitive, resulting in remote code execution of arbitrary payloads. Read more about this vulnerability and its exploitation in the white paper.