In this blog I’m going to share the details of the vulnerabilities and exploit chain mr_me and I used to try (and fail) to pwn Inductive Automation Ignition at the 2022 ICS Pwn2own. The tl;dr is that the Ignition server is vulnerable to authentication bypass due to a poorly seeded