CVE-2025-1235
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
A low privileged attacker can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes the date of the switch to be set back to January 1st, 1970.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| WAGO | Fully Managed Switches 0852-0303 | all | affected |
| WAGO | Fully Managed Switches 0852-1305 | all | affected |
| WAGO | Fully Managed Switches 0852-1305/0000-0001 | all | affected |
| WAGO | Fully Managed Switches 0852-1505 | all | affected |
| WAGO | Fully Managed Switches 0852-1505/0000-0001 | all | affected |
| WAGO | Lean Managed Switches 0852-1812 | all | affected |
| WAGO | Lean Managed Switches 0852-1812/0010-0000 | all | affected |
| WAGO | Lean Managed Switches 0852-1813 | all | affected |
| WAGO | Lean Managed Switches 0852-1813/0000-0001 | all | affected |
| WAGO | Lean Managed Switches 0852-1813/0010-0000 | all | affected |
| WAGO | Lean Managed Switches 0852-1813/0010-0001 | all | affected |
| WAGO | Lean Managed Switches 0852-1816 | all | affected |
| WAGO | Lean Managed Switches 0852-1816/0010-0000 | all | affected |
Weaknesses
- CWE-190: CWE-190 Integer Overflow or Wraparound
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.