SSA-646763 V1.0: DNSpooq - Dnsmasq Vulnerabilities in SCALANCE and RUGGEDCOM Devices


2021-01-19 00:00:00 UTC


Security researchers discovered and disclosed seven vulnerabilities in the open-source DNS component “dnsmasq”, also known as “DNSpooq” vulnerabilities (CVE-2020-25681 through CVE-2020-25687). Three vulnerabilities (CVE-2020-25684 through CVE-2020-25686) affect the validation of DNS responses and impact several SCALANCE and RUGGEDCOM devices as listed below.

Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.