CERT-In Vulnerability Note
DNSMasq Vulnerabilities in Siemens SCALANCE products
Original Issue Date: January 11, 2018
Severity Rating: MEDIUM
- SCALANCE W1750D: All versions
- SCALANCE M800 / S615: All versions
Multiple vulnerabilities have been reported in Siemens SCALANCE devices, which could allow a remote attacker to crash the DNS service, resulting in a denial of service (DoS) condition, or to execute arbitrary code.
1. Denial of Service Vulnerabilities
These vulnerabilities exist due to improper memory allocation by the affected software. A remote attacker could exploit these vulnerabilities by sending specially crafted request messages to the service. Successful exploitation of these vulnerabilities could allow the attacker to crash the DNSmasq process, resulting in a denial of service (DoS) condition on the targeted system.
Note: An attacker must be in the internal network in order to exploit these vulnerabilities.
2. Heap-Based Buffer Overflow Vulnerability
This vulnerability exists due to improper processing of crafted DNS packets by the affected software. A remote attacker could exploit this vulnerability by sending specially crafted DNS responses to the DNSmasq process. Successful exploitation of the vulnerability could allow the attacker to execute arbitrary code or cause a denial of service (DoS) condition.
Note: In order to exploit this vulnerability, an attacker must be able to trigger DNS requests from the device and must be in a position that allows the injection of malicious DNS responses.
- For SCALANCE W1750D: Customers who do not use the "OpenDNS", "Captive Portal" or "URL redirection" functionality can deploy firewall rules in the device configuration to block incoming access to port 53/UDP.
- For SCALANCE M800/S615: Disable DNS proxy in the device configuration ("System - DNS - DNS Proxy - Disable Checkbox, Enable DNS Proxy"), and configure the connected devices in the internal network to use a different DNS server.
- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
- Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
Apply appropriate updates as mentioned in the security advisory.
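One way to confirm from a host on the internal network that the workarounds above took effect (port 53/UDP blocked on the W1750D, DNS proxy disabled on the M800/S615) is to send one ordinary DNS query to the device and classify the reaction. This is an added example, not part of the CERT-In note or the vendor advisory; the function names and the 192.0.2.10 placeholder address are assumptions.

```python
import socket
import struct
import sys

def build_query(name="example.com", txid=0x1234):
    """Build a minimal DNS A-record query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, 1 question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def is_dns_response(data, txid):
    """True if data starts with a DNS header answering our transaction id."""
    if len(data) < 12:
        return False
    rid, flags = struct.unpack("!HH", data[:4])
    return rid == txid and bool(flags & 0x8000)  # QR bit set = response

def probe_dns(host, port=53, timeout=2.0, txid=0x1234):
    """Classify a device's reaction to one UDP DNS query.

    'answers'    - a DNS service replied: the port is still reachable
    'closed'     - ICMP port unreachable: nothing is listening
    'no-reply'   - timeout: dropped by a firewall rule or service disabled
    'unexpected' - something replied, but not with a matching DNS header
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            s.send(build_query(txid=txid))
            data = s.recv(512)
        except socket.timeout:
            return "no-reply"
        except ConnectionRefusedError:
            return "closed"
    return "answers" if is_dns_response(data, txid) else "unexpected"

if __name__ == "__main__":
    # 192.0.2.10 is a documentation placeholder, not a real device address.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    result = probe_dns(target)
    print(f"{target}:53/udp -> {result}")
    sys.exit(0 if result in ("closed", "no-reply") else 1)
```

A "no-reply" result is what a drop rule produces, but UDP gives no positive confirmation, so repeat the probe from each internal segment that could previously reach the device before treating it as proof.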
The information provided herein is on an "as is" basis, without warranty of any kind.
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003