Home

Description

A low privileged attacker can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes the date of the switch to be set back to January 1st, 1970.

PUBLISHED Reserved 2025-02-11 | Published 2025-06-02 | Updated 2025-06-02 | Assigner CERTVDE




MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Problem types

CWE-190 Integer Overflow or Wraparound

Product status

Default status
unaffected

all
affected

Default status
unaffected

all
affected

Default status
unaffected

all
affected

Default status
unaffected

all
affected

Default status
unaffected

all
affected

Default status
unaffected

all
affected

Default status
unaffected

all
affected

Default status
unaffected

all
affected

Default status
unaffected

all
affected

Default status
unaffected

all
affected

Default status
unaffected

all
affected

Default status
unaffected

all
affected

Default status
unaffected

all
affected

Credits

Marcus Kramhöller from Noris Automatio GmbH finder

References

cert.vde.com/en/advisories/VDE-2025-020

cve.org (CVE-2025-1235)

nvd.nist.gov (CVE-2025-1235)

Download JSON