DoS’ing an air conditioner
March 31st, 2008
No comments
As our refrigerators and microwaves become part of the internet, their firmware — unexposed before — will be a regular candidate to security research. This CVE was assigned today, discovered by Chris Withers:
CVE-2008-1546:
servlet/MIMEReceiveServlet in the web controller for Mitsubishi Electric GB-50
and GB-50A air-conditioning control systems allows remote attackers to cause
a denial of service (air-conditioning outage) via an XML document containing
a setRequest command.
I’m still hoping for the first GNU/Toaster.
Categories: Uncategorized