WAGO: Year 2038 problem

Monitor6.5VDE-2025-007Apr 15, 2025

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

The Year 2038 Problem is a time-based fault affecting WAGO controllers that use a 32-bit signed integer to store system time as seconds since January 1, 1970. On January 19, 2038 at 03:14:07 UTC, this counter will overflow, wrapping to a negative value and resetting the system clock to December 13, 1901. This causes time-dependent operations—including process scheduling, logging, synchronization, and time-triggered control logic—to fail or behave unpredictably. The overflow occurs in the same way across all affected WAGO platforms (CC100, PFC100 G1/G2, PFC200 G1/G2, TP600, and Edge Controller) unless firmware is updated to versions that implement 64-bit time representation.

What this means

What could happen

On January 19, 2038, WAGO controllers will experience a time overflow that resets the system clock to December 1901, potentially disrupting time-dependent processes, logging, scheduling, and synchronization with other networked systems.

Who's at risk

Water authorities and municipal utilities using WAGO programmable controllers (CC100, PFC100, PFC200, TP600 touch panels, and Edge Controller models) for process automation, pump scheduling, tank level monitoring, or any time-dependent control logic are affected. Any WAGO controller with firmware older than 04.07.01 (PFC100 G2, PFC200 G2, TP600 series, Edge Controller) or 03.10.11 (PFC100 G1, PFC200 G1) will malfunction on or after January 19, 2038.

How it could be exploited

An attacker does not exploit this vulnerability; it is a time-based fault that triggers automatically on the overflow date. Systems will malfunction when the date reaches 2038-01-19 03:14:07 UTC due to the 32-bit time representation overflow.

Prerequisites

System relies on accurate time for operational logic, scheduling, or data logging

Time-based failure affects all instances at the same moment

Affected products (24)

24 with fix

ProductAffected VersionsFix Status

CC100 0751-9x01<04.07.0104.07.01

CC100 0751-9x01<04.07.01 (70)04.07.01

PFC100 G1 0750-810x/xxxx-xxxx<03.10.1103.10.11

PFC100 G2 0750-811x-xxxx-xxxx<04.07.0104.07.01

PFC100 G2 0750-811x-xxxx-xxxx<04.07.01 (70)04.07.01

Remediation & Mitigation

0/4

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate WAGO CC100 (0751-9x01), PFC100 G1/G2, PFC200 G1/G2, and TP600 series controllers to the latest available firmware version

HOTFIXContact WAGO support for custom firmware solutions if standard firmware updates are not available for your specific product variants

Long-term hardening

0/2

HARDENINGInventory all WAGO controllers in your plant and document their current firmware versions to identify which devices require updates before 2038

HARDENINGPlan controller replacement or firmware updates as part of your regular maintenance schedule, prioritizing devices that perform time-sensitive operations

CVEs (1)

CVE-2025-0101

View full CERT@VDE advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/7f7e1c63-d0d2-4f82-862a-a24fd11ea327