High severity7.5NVD Advisory· Published Mar 24, 2017· Updated May 13, 2026

CVE-2017-7240

Description

An issue was discovered on Miele Professional PST10 devices. The corresponding embedded webserver "PST10 WebServer" typically listens to port 80 and is prone to a directory traversal attack; therefore, an unauthenticated attacker may be able to exploit this issue to access sensitive information to aide in subsequent attacks. A Proof of Concept is GET /../../../../../../../../../../../../etc/shadow HTTP/1.1. This affects PG8527 devices 2.02 before 2.12, PG8527 devices 2.51 before 2.61, PG8527 devices 2.52 before 2.62, PG8527 devices 2.54 before 2.64, PG8528 devices 2.02 before 2.12, PG8528 devices 2.51 before 2.61, PG8528 devices 2.52 before 2.62, PG8528 devices 2.54 before 2.64, PG8535 devices 1.00 before 1.10, PG8535 devices 1.04 before 1.14, PG8536 devices 1.10 before 1.20, and PG8536 devices 1.14 before 1.24.

Affected products

Miele Professional/Pst10 Webserver
cpe:2.3:o:miele_professional:pst10_webserver:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/fulldisclosure/2017/Mar/63nvdExploitThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/97080nvd
ics-cert.us-cert.gov/advisories/ICSA-17-138-01nvd
www.exploit-db.com/exploits/41718/nvd
www.miele.de/en/m/miele-admits-communication-glitch-4072.htmnvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.026
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000