
A dangerous “hole” found in an elite Miele dishwasher. The manufacturer has not responded for six months


Remote control

Security experts discovered a serious vulnerability in the web server software installed on the Miele PG 8528 Professional, a professional dishwasher. The manufacturer was notified about the problem, but there has been no response from it since the fall of 2016.

Miele manufactures kitchen appliances and expensive medical equipment. The Miele Professional PG 8528, for example, is a dishwasher and disinfector for use in medical institutions.

The manufacturer equipped this machine with a PST10 web server so that it can be controlled remotely via a web browser.

Cybersecurity expert Jens Regel of the consulting firm Schneider & Wulf found a moderate-risk vulnerability in this server:

“The built-in web server PST10 WebServer usually listens on port 80 and is vulnerable to a directory traversal attack, which means that an unauthorized attacker could exploit this issue to retrieve relevant information, with which follow-up attacks are possible,” reads the description of the problem.

Entry point

The essence of a directory traversal attack is to gain illegitimate access to a desired file on the server by exploiting flaws in the security system and manipulating the file path.
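As an added illustration (not code from the article, the advisory or the PST10 firmware), the Python sketch below contrasts the path handling that makes a static-file web server traversable with a check that confines requests to the document root. The function names, the `www` document root and the `device.conf` file are constructed for the example.

```python
import os
import tempfile
from urllib.parse import unquote

def resolve_naive(docroot, url_path):
    """Vulnerable pattern: the request path is joined to the docroot as-is."""
    return os.path.join(docroot, unquote(url_path).lstrip("/"))

def resolve_safe(docroot, url_path):
    """Return a real path inside docroot, or None if the request escapes it."""
    root = os.path.realpath(docroot)
    decoded = unquote(url_path.split("?", 1)[0])  # drop query, decode %2e%2e etc.
    if "\x00" in decoded:
        return None
    # realpath collapses "..", "." and symlinks before the containment check
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    # commonpath compares whole components, so /srv/www-old never passes for /srv/www
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate

def demo():
    """Build a constructed docroot with one file outside it and classify requests."""
    base = tempfile.mkdtemp()
    docroot = os.path.join(base, "www")
    os.makedirs(docroot)
    open(os.path.join(docroot, "index.html"), "w").close()
    open(os.path.join(base, "device.conf"), "w").close()  # must never be served
    requests = ["/index.html", "/./index.html", "/../device.conf",
                "/%2e%2e/device.conf", "/a/../../device.conf"]
    inside = os.path.realpath(docroot) + os.sep
    results = {}
    for req in requests:
        naive = os.path.realpath(resolve_naive(docroot, req))
        results[req] = {"naive_escapes": not naive.startswith(inside),
                        "safe": resolve_safe(docroot, req)}
    return docroot, results

if __name__ == "__main__":
    _, res = demo()
    for req, out in res.items():
        print(f"{req!r:26} naive escapes docroot: {out['naive_escapes']!s:5} "
              f"safe: {'served' if out['safe'] else 'rejected'}")
```

The containment check runs after decoding and canonicalisation, which is why the percent-encoded request is rejected along with the plain one.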

Medical dishwasher Miele Professional PG 8528