CVE-2025-1235 (GCVE-0-2025-1235)
Vulnerability from cvelistv5 – Published: 2025-06-02 06:23 – Updated: 2025-06-02 17:03
VLAI?
Summary
A low privileged attacker can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes the date of the switch to be set back to January 1st, 1970.
Severity ?
4.3 (Medium)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WAGO | Fully Managed Switches 0852-0303 |
Affected:
all
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Marcus Kramhöller from Noris Automatio GmbH
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1235",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-02T17:02:26.990253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T17:03:08.740Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Fully Managed Switches 0852-0303",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Fully Managed Switches 0852-1305",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Fully Managed Switches 0852-1305/0000-0001",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Fully Managed Switches 0852-1505",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Fully Managed Switches 0852-1505/0000-0001",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Lean Managed Switches 0852-1812",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Lean Managed Switches 0852-1812/0010-0000",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Lean Managed Switches 0852-1813",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Lean Managed Switches 0852-1813/0000-0001",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Lean Managed Switches 0852-1813/0010-0000",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Lean Managed Switches 0852-1813/0010-0001",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Lean Managed Switches 0852-1816",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Lean Managed Switches 0852-1816/0010-0000",
"vendor": "WAGO",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Marcus Kramh\u00f6ller from Noris Automatio GmbH"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A low privileged attacker can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes the date of the switch to be set back to January 1st, 1970."
}
],
"value": "A low privileged attacker can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes the date of the switch to be set back to January 1st, 1970."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T06:23:19.261Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2025-020"
}
],
"source": {
"advisory": "VDE-2025-020",
"defect": [
"CERT@VDE#641749"
],
"discovery": "UNKNOWN"
},
"title": "WAGO: Switches affected by year 2k38 problem",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-1235",
"datePublished": "2025-06-02T06:23:19.261Z",
"dateReserved": "2025-02-11T15:46:42.856Z",
"dateUpdated": "2025-06-02T17:03:08.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-1235\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2025-06-02T07:15:21.450\",\"lastModified\":\"2025-06-02T17:32:17.397\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A low privileged attacker can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes the date of the switch to be set back to January 1st, 1970.\"},{\"lang\":\"es\",\"value\":\"Un atacante con pocos privilegios puede fijar la fecha de los dispositivos al 19 de enero de 2038 y, por lo tanto, superar el l\u00edmite de 32 bits. Esto provoca que la fecha del switch se retrase al 1 de enero de 1970.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"references\":[{\"url\":\"https://cert.vde.com/en/advisories/VDE-2025-020\",\"source\":\"info@cert.vde.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-1235\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-02T17:02:26.990253Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-02T17:02:32.337Z\"}}], \"cna\": {\"title\": \"WAGO: Switches affected by year 2k38 problem\", \"source\": {\"defect\": [\"CERT@VDE#641749\"], \"advisory\": \"VDE-2025-020\", \"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Marcus Kramh\\u00f6ller from Noris Automatio GmbH\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"WAGO\", \"product\": \"Fully Managed Switches 0852-0303\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"Fully Managed Switches 0852-1305\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"Fully Managed Switches 0852-1305/0000-0001\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"Fully Managed Switches 0852-1505\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"Fully Managed Switches 0852-1505/0000-0001\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"Lean Managed Switches 0852-1812\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"Lean Managed Switches 0852-1812/0010-0000\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"Lean Managed Switches 0852-1813\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"Lean Managed Switches 0852-1813/0000-0001\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"Lean Managed Switches 0852-1813/0010-0000\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"Lean Managed Switches 0852-1813/0010-0001\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"Lean Managed Switches 0852-1816\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"WAGO\", \"product\": \"Lean Managed Switches 0852-1816/0010-0000\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://cert.vde.com/en/advisories/VDE-2025-020\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A low privileged attacker can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes the date of the switch to be set back to January 1st, 1970.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A low privileged attacker can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes the date of the switch to be set back to January 1st, 1970.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-190\", \"description\": \"CWE-190 Integer Overflow or Wraparound\"}]}], \"providerMetadata\": {\"orgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"shortName\": \"CERTVDE\", \"dateUpdated\": \"2025-06-02T06:23:19.261Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-1235\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-02T17:03:08.740Z\", \"dateReserved\": \"2025-02-11T15:46:42.856Z\", \"assignerOrgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"datePublished\": \"2025-06-02T06:23:19.261Z\", \"assignerShortName\": \"CERTVDE\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…