The Year 2038 Problem affects systems using a 32-bit integer to represent time as the number of seconds since January 1, 1970. On January 19, 2038, at 03:14:07 UTC, the time value will exceed the maximum for a 32-bit integer, causing an overflow and resetting it to a negative number.
Nozomi Networks reported a vulnerability in the pfc firmware sdk-G2 of libwagosnmp. The WAGO pfc-firmware-sdk-G2 is a software development kit designed for WAGO PFC devices which allows developers to build and customize the firmware.
Several WAGO Firmwares are vulnerable to an incorrect calculation of the buffer size in the CODESYS OPC UA STACK. This can lead to a crash of the runtime of the affected firmware versions installed on several devices.
The following firmware versions installed on several devices are are vulnerable due to a vulnerability in CODESYS Control.
The following firmware versions installed on several devices are vulnerable due to a vulnerability in the CODESYS Control V3 web server.
Nozomi reported eight vulnerabilities to WAGO affecting different firmwares installed on several devices.
The following vulnerabilities are published with reference to CODESYS Advisory 2023-05, CODESYS Advisory 2023-06 and CODESYS Advisory 2023-09
The WAGO Navigator versions 1.0.1 and 1.0 are vulnerable due to the use of the WiX toolset version 3.11.2.