Description
A low privileged user can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes some functions to work unexpected or stop working at all. Both during runtime and after a restart.
Problem types
CWE-190 Integer Overflow or Wraparound
Product status
Any version before 04.07.01
Any version before 3.10.11
Any version before 03.10.11
Any version before 04.07.01
Any version before 04.07.01
Any version before 3.10.11
Any version before 03.10.11
Any version before 04.07.01
Any version before 04.07.01
Any version before 04.07.01
Any version before 04.07.01
Any version before 04.07.01
Any version before 04.07.01
Any version before 04.07.01
Any version before 04.07.01
Any version before 04.07.01
Any version before 04.07.01
Any version before 04.07.01
Any version before 04.07.01
Any version before 04.07.01
Any version before 04.07.01
Any version before 04.07.01
Any version before 04.07.01
Any version before 04.07.01
Credits
Marcus Kramhöller from Noris Automatio GmbH
References
cert.vde.com/en/advisories/VDE-2025-007
