The Register reports on CVE-2017-7240, Web Server Directory Traversal in the Miele Professional PG 8528 Dishwasher (which is used in medical establishments to clean and properly disinfect laboratory and surgical instruments).
Yes, dishwashers (and many microwaves and ovens) now come with touch screens and network ports. Of course, as El Reg puts it:
"Appliance makers: stop trying to connect to the Internet, you’re no good at it. ®"
but in this case the web server even makes sense. The PG 8528 is a commercial washer and disinfector for hospitals and probably comes with remote service and diagnostics.
That makes it all the worse that Miele has no security process for these devices at all:
"And because Miele is an appliance company and not a pure-play IT company, it doesn’t have a process for reporting or fixing bugs."
Miele never responded to the bug report it received in November 2016.