Zurück zur Übersicht

WAGO: Year 2038 problem

VDE-2025-007
Last update
15.04.2025 12:00
Published at
15.04.2025 12:00
Vendor(s)
WAGO GmbH & Co. KG
External ID
VDE-2025-007
CSAF Document
Download

Summary

The Year 2038 Problem affects systems using a 32-bit integer to represent time as the number of seconds since January 1, 1970. On January 19, 2038, at 03:14:07 UTC, the time value will exceed the maximum for a 32-bit integer, causing an overflow and resetting it to a negative number.

Impact

This could lead to some functions to work unexpected or stop working at all. This affects the devices both during runtime and after a restart.

Affected Product(s)

Model no. Product name Affected versions
0751-9?01 WAGO CC100 0751-9x01 WAGO Firmware <04.07.01 (FW29), Custom Firmware <04.07.01 (70)
0752-8303/8000-0002 WAGO Edge Controller 0752-8303/8000-0002 Custom Firmware <04.07.01 (70), WAGO Firmware <04.07.01 (FW29)
0750-810?/????-???? WAGO PFC100 G1 0750-810x/xxxx-xxxx WAGO Firmware <3.10.11 (FW22 Patch 2), Custom Firmware <03.10.11 (70)
0750-811?-????-???? WAGO PFC100 G2 0750-811x-xxxx-xxxx Custom Firmware <04.07.01 (70), WAGO Firmware <04.07.01 (FW29)
750-820?-????-???? WAGO PFC200 G1 750-820x-xxx-xxx Custom Firmware <03.10.11 (70), WAGO Firmware <3.10.11 (FW22 Patch 2)
750-821?-????-???? WAGO PFC200 G2 750-821x-xxx-xxx Custom Firmware <04.07.01 (70), WAGO Firmware <04.07.01 (FW29)
0762-420?/8000-000? WAGO TP600 0762-420x/8000-000x WAGO Firmware <04.07.01 (FW29), Custom Firmware <04.07.01 (70)
0762-430?/8000-000? WAGO TP600 0762-430x/8000-000x Custom Firmware <04.07.01 (70), WAGO Firmware <04.07.01 (FW29)
0762-520?/8000-000? WAGO TP600 0762-520x/8000-000x Custom Firmware <04.07.01 (70), WAGO Firmware <04.07.01 (FW29)
0762-530?/8000-000? WAGO TP600 0762-530x/8000-000x WAGO Firmware <04.07.01 (FW29), Custom Firmware <04.07.01 (70)
0762-620?/8000-000? WAGO TP600 0762-620x/8000-000x WAGO Firmware <04.07.01 (FW29), Custom Firmware <04.07.01 (70)
0762-630?/8000-000? WAGO TP600 0762-630x/8000-000x WAGO Firmware <04.07.01 (FW29), Custom Firmware <04.07.01 (70)

Vulnerabilities

Expand / Collapse all

Published
22.09.2025 14:57
Severity
6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Weakness
Integer Overflow or Wraparound (CWE-190)
Summary

A low privileged user can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes some functions to work unexpected or stop working at all. Both during runtime and after a restart.

References
cve.org | nvd.nist.gov

Remediation

Update to Firmware 4.7.1 (FW29), Firmware 03.10.11 (FW22 Patch 2). For the latest Custom Firmware, please contact the WAGO support.

Revision History

Version Date Summary
1 15.04.2025 12:00 Initial release.