VDE-2025-020

Vulnerability from csaf_wagogmbhcokg - Published: 2025-06-02 06:00 - Updated: 2025-06-02 06:00
Summary
WAGO: Switches affected by year 2k38 problem
Notes
Summary: The Year 2038 Problem affects systems using a 32-bit integer to represent time as the number of seconds since January 1st, 1970. On January 19, 2038, at 03:14:07 UTC, the time value will exceed the maximum for a 32-bit integer, causing an overflow and resetting it to a negative number.
Impact: This leads to a reset of the system time and affects the timestamps of the system logs.

A low-privileged attacker can set the date of the devices to the 19th of January 2038 and therefore exceed the 32-bit time limit. This causes the date of the switch to be set back to January 1st, 1970.

CWE-190 - Integer Overflow or Wraparound
No Fix Planned: Due to the low impact of the vulnerability and the fact that only the logging functionality is affected, there is no fix planned.
Acknowledgments
CERT@VDE certvde.com
Noris Automatio GmbH Marcus Kramhöller www.noris-group.com/de/

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "names": [
          "Marcus Kramh\u00f6ller"
        ],
        "organization": "Noris Automatio GmbH",
        "summary": "reporting",
        "urls": [
          "https://www.noris-group.com/de/"
        ]
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "The Year 2038 Problem affects systems using a 32-bit integer to represent time as the number of seconds since January 1st, 1970. On January 19, 2038, at 03:14:07 UTC, the time value will exceed the maximum for a 32-bit integer, causing an overflow and resetting it to a negative number.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "This leads to a reset of the system time and effects the timestamps of the system logs.",
        "title": "Impact"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@wago.com",
      "name": "WAGO GmbH \u0026 Co. KG",
      "namespace": "https://www.wago.com/psirt"
    },
    "references": [
      {
        "category": "self",
        "summary": "WAGO PSIRT",
        "url": "https://www.wago.com/de-en/automation-technology/psirt"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for WAGO",
        "url": "https://certvde.com/de/advisories/vendor/wago/"
      },
      {
        "category": "self",
        "summary": "VDE-2025-020: WAGO: Switches affected by year 2k38 problem - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2025-020"
      },
      {
        "category": "self",
        "summary": "VDE-2025-020: WAGO: Switches affected by year 2k38 problem - CSAF",
        "url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-020.json"
      }
    ],
    "title": "WAGO: Switches affected by year 2k38 problem",
    "tracking": {
      "aliases": [
        "VDE-2025-020"
      ],
      "current_release_date": "2025-06-02T06:00:00.000Z",
      "generator": {
        "date": "2025-06-02T06:05:47.972Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.24"
        }
      },
      "id": "VDE-2025-020",
      "initial_release_date": "2025-06-02T06:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-06-02T06:00:00.000Z",
          "number": "1",
          "summary": "Initial release."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "0852-0303",
                    "product": {
                      "name": "WAGO Fully Managed Switches 0852-0303",
                      "product_id": "CSAFPID-11001"
                    }
                  },
                  {
                    "category": "host_name",
                    "name": "0852-1305",
                    "product": {
                      "name": "WAGO Fully Managed Switches 0852-1305",
                      "product_id": "CSAFPID-11002"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "0852-1505",
                    "product": {
                      "name": "WAGO Fully Managed Switches 0852-1505",
                      "product_id": "CSAFPID-11003"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "0852-1305/0000-0001",
                    "product": {
                      "name": "WAGO Fully Managed Switches 0852-1305/0000-0001",
                      "product_id": "CSAFPID-11004"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "0852-1505/0000-0001",
                    "product": {
                      "name": "WAGO Fully Managed Switches 0852-1505/0000-0001",
                      "product_id": "CSAFPID-11005"
                    }
                  }
                ],
                "category": "product_family",
                "name": "Fully Managed Switches"
              },
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "0852-1812",
                    "product": {
                      "name": "WAGO Lean Managed Switches 0852-1812",
                      "product_id": "CSAFPID-11006"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "0852-1813",
                    "product": {
                      "name": "WAGO Lean Managed Switches 0852-1813",
                      "product_id": "CSAFPID-11007"
                    }
                  },
                  {
                    "category": "host_name",
                    "name": "0852-1816",
                    "product": {
                      "name": "WAGO Lean Managed Switches 0852-1816",
                      "product_id": "CSAFPID-11008"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "0852-1813/0000-0001",
                    "product": {
                      "name": "WAGO Lean Managed Switches 0852-1813/0000-0001",
                      "product_id": "CSAFPID-11009"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "0852-1812/0010-0000",
                    "product": {
                      "name": "WAGO Lean Managed Switches 0852-1812/0010-0000",
                      "product_id": "CSAFPID-11010"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "0852-1813/0010-0000",
                    "product": {
                      "name": "WAGO Lean Managed Switches 0852-1813/0010-0000",
                      "product_id": "CSAFPID-11011"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "0852-1813/0010-0001",
                    "product": {
                      "name": "WAGO Lean Managed Switches 0852-1813/0010-0001",
                      "product_id": "CSAFPID-11012"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "0852-1816/0010-0000",
                    "product": {
                      "name": "WAGO Lean Managed Switches 0852-1816/0010-0000",
                      "product_id": "CSAFPID-11013"
                    }
                  }
                ],
                "category": "product_family",
                "name": "Lean Managed Switches"
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Firmware vers:all/*",
                  "product_id": "CSAFPID-21001"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "WAGO"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013"
        ],
        "summary": "Affected products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on WAGO Fully Managed Switches 0852-0303",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on WAGO Fully Managed Switches 0852-1305",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on WAGO Fully Managed Switches 0852-1505",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on WAGO Fully Managed Switches 0852-1305/0000-0001",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on WAGO Fully Managed Switches 0852-1505/0000-0001",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on WAGO Lean Managed Switches 0852-1812",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on WAGO Lean Managed Switches 0852-1813",
          "product_id": "CSAFPID-31007"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on WAGO Lean Managed Switches 0852-1816",
          "product_id": "CSAFPID-31008"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on WAGO Lean Managed Switches 0852-1813/0000-0001",
          "product_id": "CSAFPID-31009"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on WAGO Lean Managed Switches 0852-1812/0010-0000",
          "product_id": "CSAFPID-31010"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on WAGO Lean Managed Switches 0852-1813/0010-0000",
          "product_id": "CSAFPID-31011"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on WAGO Lean Managed Switches 0852-1813/0010-0001",
          "product_id": "CSAFPID-31012"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on WAGO Lean Managed Switches 0852-1816/0010-0000",
          "product_id": "CSAFPID-31013"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11013"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-1235",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "description",
          "text": "A low privileged attacker can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes the date of the switch to be set back to January 1st, 1970.",
          "title": "Vulnerability Description"
        },
        {
          "category": "other",
          "text": "Due to the reset of the system time, the system log will return a wrong date.",
          "title": "Impact"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013"
        ]
      },
      "remediations": [
        {
          "category": "no_fix_planned",
          "details": "Due to the low impact of the vulnerability and the fact that only the logging functionality is affected, there is no fix planned.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalScore": 4.3,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012",
            "CSAFPID-31013"
          ]
        }
      ],
      "title": "CVE-2025-1235"
    }
  ]
}

