CVE-2023-49441 Siemens CVE debrief

Who should care

Industrial control system operators, OT security teams, critical infrastructure defenders, and network administrators managing Siemens SCALANCE or RUGGEDCOM router deployments in manufacturing, energy, transportation, and other industrial environments.

Technical summary

The vulnerability exists in dnsmasq version 2.9 within the forward_query function, where an integer overflow can occur. This affects embedded dnsmasq implementations in Siemens industrial networking equipment. The CVSS vector indicates the attack vector is network-accessible, requires low attack complexity, no privileges, and no user interaction, resulting in high availability impact. Twenty-six distinct Siemens router products are affected across the SCALANCE M800/M800PB, M812, M816, M826, M874, M876, MUM853, MUM856 series, RUGGEDCOM RM1224, and SCALANCE S615 product lines.

Defensive priority

HIGH

Recommended defensive actions

• Update affected Siemens SCALANCE and RUGGEDCOM routers to firmware version 8.2 or later
• Verify dnsmasq component versions in deployed industrial routers
• Apply network segmentation for industrial control systems per CISA recommended practices
• Monitor for anomalous DNS query patterns that may indicate exploitation attempts
• Review Siemens security advisory SSA-354112 for additional product-specific guidance

Evidence notes

CISA ICS advisory ICSA-24-319-06 documents this vulnerability in Siemens SCALANCE M-800 family and related industrial routers. The advisory was revised May 6, 2025 to fix typos. The underlying dnsmasq 2.9 integer overflow in forward_query was disclosed with vendor fix availability.

Official resources