According to the security advisory, the Miele Professional PG 8528 appliance is affected by a Web Server Directory Traversal vulnerability tracked as CVE-2017-7240. The Miele Professional PG 8528 is a piece of medical equipment used to disinfect laboratory and surgical instruments. The flaw could be exploited by an unauthenticated attacker to access any directory on the web server.
“The corresponding embedded webserver “PST10 WebServer” typically listens to port 80 and is prone to a directory traversal attack, therefore an unauthenticated attacker may be able to exploit this issue to access sensitive information to aid in subsequent attacks.” reads the advisory.
The flaw could allow attackers to access sensitive data on the server and to drop and execute malicious code on the web server.
The flaw was discovered by the expert Jens Regel at the German consultancy Schneider & Wulf, who reported the issue to Miele in December 2016. Unfortunately, he did not receive a reply from the company, so after four months he decided to publicly disclose it.
Regel also published proof-of-concept (PoC) exploit code for this flaw; for this reason, it is important that the vendor fixes the issue as soon as possible.
Do you want to hack the Miele washer-disinfector?
It is simple: the PoC exploit code is used by the expert to request the embedded system’s shadow file, and it can request any file on the filesystem.
Proof of Concept:
~$ telnet 192.168.0.1 80
Connected to 192.168.0.1.
Escape character ist '^]'.
GET /../../../../../../../../../../../../etc/shadow HTTP/1.1
The request is sent to whatever IP the dishwasher has on the LAN.
While waiting for a patch, disconnect the washer-disinfector from the Internet.
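The path check a web server needs before opening a file, shown beside the unchecked behaviour that the PoC request above depends on. This is an added example, not code from the advisory or from the PST10 WebServer; the document root /var/www and both function names are assumptions.

```python
import posixpath
from urllib.parse import unquote

# Request target from the PoC above; the document root is an assumed value.
POC_TARGET = "/../../../../../../../../../../../../etc/shadow"
DOCROOT = "/var/www"


def naive_resolve(docroot, target):
    """Bug class: the request path is appended to the root with no check.
    normpath shows which file the operating system would end up opening."""
    return posixpath.normpath(docroot + target)


def resolve_under_root(docroot, target):
    """Return the normalised path for target, or None if it leaves docroot."""
    # Drop query string and fragment, then percent-decode exactly once so
    # encoded forms such as %2e%2e%2f are checked in their decoded shape.
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    if "\x00" in path:
        return None
    root = posixpath.normpath(docroot)
    candidate = posixpath.normpath(posixpath.join(root, path.lstrip("/")))
    # Lexical containment check: the root itself or something below it.
    # A server that follows symlinks must also compare the resolved path.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


if __name__ == "__main__":
    for t in (POC_TARGET, "/index.html", "/%2e%2e/%2e%2e/etc/shadow"):
        print(t, "->", naive_resolve(DOCROOT, t), "|", resolve_under_root(DOCROOT, t))
```

The `root + "/"` comparison matters: a plain prefix test on `/var/www` would also accept a sibling directory such as `/var/www-private`.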
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer.