
ID

VDE-2025-020

Published

2025-06-02 08:00 (CEST)

Last update

2025-06-02 08:04 (CEST)

Vendor(s)

WAGO GmbH & Co. KG

Product(s)

Article No° Product Name Affected Version(s)
Fully Managed Switches 0852-0303 all
Fully Managed Switches 0852-1305 all
Fully Managed Switches 0852-1305/0000-0001 all
Fully Managed Switches 0852-1505 all
Fully Managed Switches 0852-1505/0000-0001 all
Lean Managed Switches 0852-1812 all
Lean Managed Switches 0852-1812/0010-0000 all
Lean Managed Switches 0852-1813 all
Lean Managed Switches 0852-1813/0000-0001 all
Lean Managed Switches 0852-1813/0010-0000 all
Lean Managed Switches 0852-1813/0010-0001 all
Lean Managed Switches 0852-1816 all
Lean Managed Switches 0852-1816/0010-0000 all

Summary

The Year 2038 Problem affects systems using a 32-bit integer to represent time as the number of seconds since January 1st, 1970. On January 19, 2038, at 03:14:07 UTC, the time value will exceed the maximum for a 32-bit integer, causing an overflow and resetting it to a negative number.


CVE ID

CVE-2025-1235

Last Update:

25. April 2025 10:28

Weakness

Integer Overflow or Wraparound (CWE-190)

Summary

A low-privileged attacker can set the date of the devices to the 19th of January 2038 and therefore exceed the 32-bit time limit. This causes the date of the switch to be set back to January 1st, 1970.

Details

certvde.com 

Impact

This leads to a reset of the system time and affects the timestamps of the system logs.

Solution

Due to the low impact of the vulnerability and the fact that only the logging functionality is affected, there is no fix planned.
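
Since the impact is limited to log timestamps and no fix is planned, the following added example (not code from WAGO or CERT@VDE) shows the 32-bit wraparound from the summary and a collector-side plausibility check for device timestamps. The record format, function names, reason labels and the 10-minute tolerance are assumptions, and the sample records are constructed.

```python
import ctypes
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
INT32_MAX = 2**31 - 1  # last second a signed 32-bit counter can hold

def int32_to_utc(seconds):
    """UTC time a signed 32-bit seconds-since-1970 counter shows for `seconds`."""
    return EPOCH + timedelta(seconds=ctypes.c_int32(seconds).value)

LIMIT = int32_to_utc(INT32_MAX)  # 2038-01-19 03:14:07 UTC

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def classify(rx, dev, prev_dev, tolerance):
    """Reason a device timestamp is implausible, or None if it looks sane."""
    if dev.year <= 1970:
        return "epoch-or-earlier"        # clock reset to 1970 or wrapped negative
    if timedelta(0) <= LIMIT - dev <= timedelta(days=1):
        return "near-int32-limit"        # clock sits just before the overflow
    if prev_dev is not None and dev < prev_dev - tolerance:
        return "clock-went-backwards"
    if abs(dev - rx) > tolerance:
        return "skew-vs-collector"
    return None

def flag_clock_anomalies(lines, tolerance=timedelta(minutes=10)):
    """Assumed record format: '<collector receive time> <device time> <message>'."""
    findings, prev_dev = [], None
    for n, line in enumerate(lines, 1):
        rx_s, dev_s, _msg = line.split(" ", 2)
        rx, dev = parse(rx_s), parse(dev_s)
        reason = classify(rx, dev, prev_dev, tolerance)
        if reason:
            findings.append((n, reason))
        prev_dev = dev
    return findings

# Constructed sample records (not real device output).
SAMPLE = [
    "2025-06-02T08:00:01Z 2025-06-02T08:00:00Z link up port 3",
    "2025-06-02T08:05:10Z 2038-01-19T03:14:05Z system time changed",
    "2025-06-02T08:05:13Z 1970-01-01T00:00:01Z link down port 3",
    "2025-06-02T08:20:00Z 2025-06-02T08:19:59Z system time changed",
]

if __name__ == "__main__":
    print(int32_to_utc(INT32_MAX), "->", int32_to_utc(INT32_MAX + 1))
    for n, reason in flag_clock_anomalies(SAMPLE):
        print(f"line {n}: {reason}")
```

Keying the check on the collector's receive time keeps it usable even when the device clock itself can no longer be trusted.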

Reported by

CERT@VDE coordinated with Wago

Reporting: Marcus Kramhöller from Noris Automation GmbH