CVE-2025-1235
MEDIUMWAGO Fully Managed and Lean Managed Switches - Unauthenticated Integer Overflow via Date Setting
Title source: llmDescription
A low privileged attacker can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes the date of the switch to be set back to January 1st, 1970.
References (1)
Core 1
Core References
Various Sources
https://cert.vde.com/en/advisories/VDE-2025-020
Scores
CVSS v3
4.3
EPSS
0.0022
EPSS Percentile
12.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-190
Status
published
Products (13)
WAGO/Fully Managed Switches 0852-0303
all
WAGO/Fully Managed Switches 0852-1305
all
WAGO/Fully Managed Switches 0852-1305/0000-0001
all
WAGO/Fully Managed Switches 0852-1505
all
WAGO/Fully Managed Switches 0852-1505/0000-0001
all
WAGO/Lean Managed Switches 0852-1812
all
WAGO/Lean Managed Switches 0852-1812/0010-0000
all
WAGO/Lean Managed Switches 0852-1813
all
WAGO/Lean Managed Switches 0852-1813/0000-0001
all
WAGO/Lean Managed Switches 0852-1813/0010-0000
all
... and 3 more
Published
Jun 02, 2025
Tracked Since
Feb 18, 2026