VDE-2025-007 | CERT@VDE

2025-04-15 12:00 (CEST) VDE-2025-007

WAGO: Year 2038 problem

Share: Email | Twitter

ID

VDE-2025-007

Published

2025-04-15 12:00 (CEST)

Last update

2025-04-17 11:09 (CEST)

Vendor(s)

WAGO GmbH & Co. KG

Product(s)

Article No°	Product Name	Affected Version(s)
	CC100 0751-9x01	< 04.07.01 (70)
	PFC100 G1 0750-810x/xxxx-xxxx	< 3.10.11 (FW22 Patch 2)
	PFC100 G1 0750-810x/xxxx-xxxx	< 03.10.11 (70)
	PFC100 G2 0750-811x-xxxx-xxxx	< 04.07.01 (FW29)
	PFC100 G2 0750-811x-xxxx-xxxx	< 04.07.01 (70)
	PFC200 G1 750-820x-xxx-xxx	< 3.10.11 (FW22 Patch 2)
	PFC200 G1 750-820x-xxx-xxx	< 03.10.11 (70)
	PFC200 G2 750-821x-xxx-xxx	< 04.07.01 (FW29)
	PFC200 G2 750-821x-xxx-xxx	< 04.07.01 (70)
	TP600 0762-420x/8000-000x	< 04.07.01 (FW29)
	TP600 0762-420x/8000-000x	< 04.07.01 (70)
	TP600 0762-430x/8000-000x	< 04.07.01 (FW29)
	TP600 0762-430x/8000-000x	< 04.07.01 (70)
	TP600 0762-520x/8000-000x	< 04.07.01 (FW29)
	TP600 0762-520x/8000-000x	< 04.07.01 (70)
	TP600 0762-530x/8000-000x	< 04.07.01 (FW29)
	TP600 0762-530x/8000-000x	< 04.07.01 (70)
	TP600 0762-620x/8000-000x	< 04.07.01 (FW29)
	TP600 0762-620x/8000-000x	< 04.07.01 (70)
	TP600 0762-630x/8000-000x	< 04.07.01 (FW29)
	TP600 0762-630x/8000-000x	< 04.07.01 (70)
	WAGO CC100 0751-9x01	< 04.07.01 (FW29)
	WAGO Edge Controller 0752-8303/8000-0002	< 04.07.01 (FW29)
	WAGO Edge Controller 0752-8303/8000-0002	< 04.07.01 (70)

Summary

The Year 2038 Problem affects systems using a 32-bit integer to represent time as the number of seconds since January 1, 1970. On January 19, 2038, at 03:14:07 UTC, the time value will exceed the maximum for a 32-bit integer, causing an overflow and resetting it to a negative number.

CVE ID

CVE-2025-0101

Last Update:

16. April 2025 09:15

Severity

6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Weakness

Integer Overflow or Wraparound (CWE-109)

Summary

A low privileged user can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes some functions to work unexpected or stop working at all. Both during runtime and after a restart.

Details

Impact

This could lead to some functions to work unexpected or stop working at all. This affects the devices both during runtime and after a restart.

Solution

Remediation

Update to Firmware 4.7.1 (FW29), Firmware 03.10.11 (FW22 Patch 2). For the latest Custom Firmware, please contact the WAGO support.

Reported by

CERT@VDE coordinated with WAGO

Reporting: Marcus Kramhöller from Noris Automatio GmbH