Article No° | Product Name | Affected Version(s) |
---|---|---|
Fully Managed Switches 0852-0303 | all | |
Fully Managed Switches 0852-1305 | all | |
Fully Managed Switches 0852-1305/0000-0001 | all | |
Fully Managed Switches 0852-1505 | all | |
Fully Managed Switches 0852-1505/0000-0001 | all | |
Lean Managed Switches 0852-1812 | all | |
Lean Managed Switches 0852-1812/0010-0000 | all | |
Lean Managed Switches 0852-1813 | all | |
Lean Managed Switches 0852-1813/0000-0001 | all | |
Lean Managed Switches 0852-1813/0010-0000 | all | |
Lean Managed Switches 0852-1813/0010-0001 | all | |
Lean Managed Switches 0852-1816 | all | |
Lean Managed Switches 0852-1816/0010-0000 | all |
The Year 2038 Problem affects systems using a 32-bit integer to represent time as the number of seconds since January 1st, 1970. On January 19, 2038, at 03:14:07 UTC, the time value will exceed the maximum for a 32-bit integer, causing an overflow and resetting it to a negative number.
A low privileged attacker can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes the date of the switch to be set back to January 1st, 1970.
This leads to a reset of the system time and effects the timestamps of the system logs.
Due to the low impact of the vulnerability and the fact that only the logging functionality is affected, there is no fix planned.
CERT@VDE coordinated with Wago
Reporting: Marcus Kramhöller from Noris Automatio GmbH