SIEMENS-SSA-646763 · Published 2021-05-11 · View on Siemens ProductCERT ↗

SSA-646763 V1.3 (Last Update: 2021-05-11): DNSpooq - Dnsmasq Vulnerabilities in SCALANCE and RUGGEDCOM Devices

CVSS 8.1 HIGH

Risk Summary

<p>Security researchers discovered and disclosed seven vulnerabilities in the open-source DNS component “dnsmasq”, also known as “DNSpooq” vulnerabilities (CVE-2020-25681 through CVE-2020-25687). Three vulnerabilities (CVE-2020-25684 through CVE-2020-25686) affect the validation of DNS responses and impact several SCALANCE and RUGGEDCOM devices as listed below.</p> <p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not available.</p>

CVEs (4)

CVE-2020-25681 CVE-2020-25687 CVE-2020-25684 CVE-2020-25686

Remediations

Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-646763 V1.3 (Last Update: 2021-05-11): DNSpooq - Dnsmasq Vulnerabilities in SCALANCE and RUGGEDCOM Devices See advisory

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more