SSA-646763 V1.0: DNSpooq - Dnsmasq Vulnerabilities in SCALANCE and RUGGEDCOM Devices

Published

2021-01-19 00:00:00 UTC

Summary

Security researchers discovered and disclosed seven vulnerabilities in the open-source DNS component “dnsmasq”, also known as “DNSpooq” vulnerabilities (CVE-2020-25681 through CVE-2020-25687). Three vulnerabilities (CVE-2020-25684 through CVE-2020-25686) affect the validation of DNS responses and impact several SCALANCE and RUGGEDCOM devices as listed below.

Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.