Company
Date Published
Author
Or Peles, JFrog Vulnerability Research Team Leader
Word count
3539
Language
English
Hacker News points
None

Summary

The JFrog Security team took part in the Pwn2Own Miami 2022 hacking competition, which focused on Industrial Control Systems, and disclosed vulnerabilities in Unified Automation's C++-based OPC UA Server SDK. Time constraints kept them from demonstrating a full remote code execution chain during the competition, but they later showed how two of the disclosed issues, an information leak and a heap overflow, can be chained into remote code execution. Both issues require a high-privilege authenticated session to reach, so the authentication requirement does limit exposure; in the competition target, however, credentials hardcoded in the demo server binary supplied that access. The information leak is an out-of-bounds read in UaUniString that returns memory contents to the client, the kind of primitive an attacker needs to defeat ASLR. The heap overflow is in the replaceArgEscapes() function and lets an attacker overwrite sensitive heap data, which the team turned into code execution, using a SAT solver to help construct the exploit input. The post highlights the risk such implementation bugs pose to OPC UA deployments and calls for stronger security practices. The vulnerabilities were responsibly disclosed and fixed in SDK version 1.7.7, and JFrog Security continues to publish its findings through blog posts and social media.
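The following is an added illustration, not code from the original post and not the Unified Automation SDK's code: a generic sketch of how an argument-escape substitution routine (a template like "Node %1 of %2" with %N replaced by the N-th argument) can under-size its output buffer, which is the general class of defect the summary attributes to replaceArgEscapes(). The buggy length estimate is shown next to a version that computes the required length from the real arguments and bounds-checks every write. All function names are hypothetical and the sample template is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns 1 if p points at a "%N" escape whose argument index exists. */
static int is_escape(const char *p, size_t nargs) {
    return p[0] == '%' && p[1] >= '1' && p[1] <= '9' &&
           (size_t)(p[1] - '1') < nargs;
}

/* BUGGY estimate (hypothetical): sizes the output by the template alone,
 * implicitly assuming every 2-byte "%N" is replaced by at most 2 bytes.
 * Any argument longer than that makes a copy loop that trusts this
 * number write past the allocation: a heap overflow. */
size_t needed_len_naive(const char *tmpl) {
    return strlen(tmpl) + 1;
}

/* Correct estimate: for each escape add the argument's real length,
 * for every other byte add 1, plus the terminating NUL. */
size_t needed_len_correct(const char *tmpl, const char *const args[], size_t nargs) {
    size_t n = 0;
    for (const char *p = tmpl; *p; p++) {
        if (is_escape(p, nargs)) {
            n += strlen(args[p[1] - '1']);
            p++;                     /* skip the digit */
        } else {
            n++;
        }
    }
    return n + 1;
}

/* Hardened replacement: allocate from the correct length and still
 * bounds-check each write so a wrong estimate can never become a write
 * past the buffer. Returns a malloc'd string or NULL. */
char *replace_arg_escapes(const char *tmpl, const char *const args[], size_t nargs) {
    size_t cap = needed_len_correct(tmpl, args, nargs);
    char *out = malloc(cap);
    if (!out) return NULL;
    size_t o = 0;
    for (const char *p = tmpl; *p; p++) {
        if (is_escape(p, nargs)) {
            const char *a = args[p[1] - '1'];
            size_t alen = strlen(a);
            if (o + alen >= cap) { free(out); return NULL; }  /* never trust the estimate */
            memcpy(out + o, a, alen);
            o += alen;
            p++;
        } else {
            if (o + 1 >= cap) { free(out); return NULL; }
            out[o++] = *p;
        }
    }
    out[o] = '\0';
    return out;
}

int main(void) {
    /* Constructed sample: an attacker-controlled argument longer than "%1". */
    const char *args[] = { "AAAAAAAA", "x" };
    const char *tmpl = "Node %1 of %2";
    printf("naive size %zu, real size %zu\n",
           needed_len_naive(tmpl), needed_len_correct(tmpl, args, 2));
    char *s = replace_arg_escapes(tmpl, args, 2);
    if (s) { puts(s); free(s); }
    return 0;
}
```

The gap between the two sizes is the number of bytes a copy loop trusting the naive estimate would write past the end of the heap chunk; with a long enough argument those bytes land on whatever neighbours the chunk, which is the situation the summary describes as overwriting sensitive heap data.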