In this episode of the Aperture podcast, Claroty Team82 vulnerability research lead Sharon Brizinov covers a presentation he’s giving at the S4x22 conference in Miami that explains a unique attack against Siemens SIMATIC 1200 and 1500 PLCs that enabled native code execution on the device. 
Also, Brizinov explains his participation in the Pwn2Own contest. S4 hosts the only ICS-focused version of Pwn2Own, and this year there are four categories of targets in scope: control servers, OPC UA servers, data gateways, and HMIs.
“The goal in most cases is to achieve remote code execution, not only to find a vulnerability but achieve exploitation,” Brizinov said. “Usually we are able to find at least one vulnerability, but the real challenge is to exploit those vulnerabilities. Usually the difficulty around this is to bypass the different security mitigations that both the software, hardware, or operating system present.”