A German researcher spotted a flaw in a networked dishwasher that could allow an attacker to access sensitive information on the appliance's network.
German security researcher Jens Regel spotted the web server security flaw in a Miele Professional PG 8528, a commercial dishwashers with IoT capabilities. If exploited the vulnerability could allow an attacker to access the appliance's embedded web server that is always connected to port 80, according to a 24 March Seclist Full Disclosure.
The bug could be exploited by an unauthenticated attacker in order to access sensitive information on the network to use in subsequent attacks. The vulnerability was discovered in November 2016 and the vendor was contacted shortly after its discovery. The researcher asked for an update on two occasions and has yet to receive a response.