WAGO: Switches affected by year 2k38 problem
Monitor4.3VDE-2025-020Jun 2, 2025
Attack VectorNetwork
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary
WAGO Fully Managed Switches (models 0852-0303, 0852-1305, 0852-1505, 0852-1305/0000-0001, 0852-1505/0000-0001) and Lean Managed Switches (models 0852-1812, 0852-1813, 0852-1816, 0852-1813/0000-0001, 0852-1812/0010-0000, 0852-1813/0010-0000, 0852-1813/0010-0001, 0852-1816/0010-0000) in all versions are affected by the Year 2038 Problem. This is a 32-bit integer time overflow vulnerability where the timestamp will overflow on January 19, 2038, at 03:14:07 UTC. The vulnerability impacts the logging functionality of these switches, preventing accurate time-stamping of network events after the overflow date. WAGO has confirmed no fix is planned due to the low impact and the fact that only logging is affected.
What this means
What could happen
WAGO managed switches will experience a timestamp overflow on January 19, 2038, causing logging functionality to fail and network event records to become unreliable. While this does not directly disrupt switch operations, loss of audit trails could hamper troubleshooting and security investigations.
Who's at risk
Water authorities and electric utilities operating WAGO managed and lean managed industrial network switches (models 0852-0303, 0852-1305, 0852-1505, 0852-1812, 0852-1813, 0852-1816 and their variants) are affected. The vulnerability impacts network logging and audit trails used to troubleshoot connectivity issues and track configuration changes on critical infrastructure networks.
How it could be exploited
An attacker cannot directly exploit this vulnerability—it is a time-based defect that triggers automatically on the affected date. However, the resulting loss of accurate logging creates an operational blind spot where network configuration changes, security events, and connectivity issues will not be properly recorded, potentially allowing malicious activity to occur undetected.
Prerequisites
- System date/time reaches January 19, 2038 or later
- Logging features enabled on affected switch
no patch availableaffects timestamp logging in safety-critical networks
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (13)
13 EOL
ProductAffected VersionsFix Status
Fully Managed Switches 0852-0303All versionsNo fix (EOL)
Fully Managed Switches 0852-1305All versionsNo fix (EOL)
Fully Managed Switches 0852-1505All versionsNo fix (EOL)
Fully Managed Switches 0852-1305/0000-0001All versionsNo fix (EOL)
Fully Managed Switches 0852-1505/0000-0001All versionsNo fix (EOL)
Lean Managed Switches 0852-1812All versionsNo fix (EOL)
Lean Managed Switches 0852-1813All versionsNo fix (EOL)
Lean Managed Switches 0852-1816All versionsNo fix (EOL)
Remediation & Mitigation
0/3
Mitigations - no patch available
0/3The following products have reached End of Life with no planned fix: Fully Managed Switches 0852-0303, Fully Managed Switches 0852-1305, Fully Managed Switches 0852-1505, Fully Managed Switches 0852-1305/0000-0001, Fully Managed Switches 0852-1505/0000-0001, Lean Managed Switches 0852-1812, Lean Managed Switches 0852-1813, Lean Managed Switches 0852-1816, Lean Managed Switches 0852-1813/0000-0001, Lean Managed Switches 0852-1812/0010-0000, Lean Managed Switches 0852-1813/0010-0000, Lean Managed Switches 0852-1813/0010-0001, Lean Managed Switches 0852-1816/0010-0000. Apply the following compensating controls:
HARDENINGPlan replacement of affected WAGO switch models (0852-0303, 0852-1305, 0852-1505, 0852-1812, 0852-1813, 0852-1816 and variants) before January 2038 with switches that use 64-bit time representation
HARDENINGDocument which network locations use affected WAGO switch models and create an asset replacement timeline
HARDENINGConsider implementing a centralized syslog server with proper 64-bit timestamp handling to capture and archive switch logs independently, reducing reliance on device-local logging after 2038
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/31cffba8-0e32-4742-b5dc-d298a7d68e68