CVE-2025-1235

Summary

A low privileged attacker can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes the date of the switch to be set back to January 1st, 1970.

Affected Software

VendorProductVersion RangeStatus
WAGOFully Managed Switches 0852-0303allaffected
WAGOFully Managed Switches 0852-1305allaffected
WAGOFully Managed Switches 0852-1305/0000-0001allaffected
WAGOFully Managed Switches 0852-1505allaffected
WAGOFully Managed Switches 0852-1505/0000-0001allaffected
WAGOLean Managed Switches 0852-1812allaffected
WAGOLean Managed Switches 0852-1812/0010-0000allaffected
WAGOLean Managed Switches 0852-1813allaffected
WAGOLean Managed Switches 0852-1813/0000-0001allaffected
WAGOLean Managed Switches 0852-1813/0010-0000allaffected
WAGOLean Managed Switches 0852-1813/0010-0001allaffected
WAGOLean Managed Switches 0852-1816allaffected
WAGOLean Managed Switches 0852-1816/0010-0000allaffected

Weaknesses

  • CWE-190: CWE-190 Integer Overflow or Wraparound

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References