cbcvebase.
CVE-2017-7240
published 2017-03-24

CVE-2017-7240: An issue was discovered on Miele Professional PST10 devices. The corresponding embedded webserver "PST10 WebServer" typically listens to port 80 and is prone…

PriorityP265high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
17.41%
96.7th percentile
An issue was discovered on Miele Professional PST10 devices. The corresponding embedded webserver "PST10 WebServer" typically listens to port 80 and is prone to a directory traversal attack; therefore, an unauthenticated attacker may be able to exploit this issue to access sensitive information to aide in subsequent attacks. A Proof of Concept is GET /../../../../../../../../../../../../etc/shadow HTTP/1.1. This affects PG8527 devices 2.02 before 2.12, PG8527 devices 2.51 before 2.61, PG8527 devices 2.52 before 2.62, PG8527 devices 2.54 before 2.64, PG8528 devices 2.02 before 2.12, PG8528 devices 2.51 before 2.61, PG8528 devices 2.52 before 2.62, PG8528 devices 2.54 before 2.64, PG8535 devices 1.00 before 1.10, PG8535 devices 1.04 before 1.14, PG8536 devices 1.10 before 1.20, and PG8536 devices 1.14 before 1.24.

Detection & IOCsextracted from sources · hover to see the quote

commandGET /../../../../../../../../../../../../etc/shadow HTTP/1.1
path/../../../../../../../../../../../../etc/shadow
otherPST10 WebServer
  • Detect directory traversal attempts against the PST10 WebServer by monitoring HTTP GET requests containing repeated '../' sequences targeting sensitive paths such as /etc/shadow on port 80.
  • Identify the vulnerable server in HTTP response headers by the 'Server: PST10 WebServer' banner, which indicates a Miele Professional PG 85 series device that may be exposed.
  • Flag HTTP responses with Content-disposition header containing filename="./etc/shadow" as evidence of successful directory traversal exploitation.
  • The exploit requires no authentication; monitor for unauthenticated HTTP GET requests with deep traversal sequences (11+ '../' segments) on port 80 to Miele PST10 WebServer hosts.
  • ·The vulnerability is exploitable only when the PST10 WebServer is network-accessible; devices isolated behind firewalls or not exposed to the internet are at significantly reduced risk.
  • ·Public proof-of-concept exploit code is available, raising the likelihood of opportunistic scanning; CVSS v3 base score is 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.