WAGO: Switches affected by year 2k38 problem
MonitorCVSS 4.3VDE-2025-020Jun 2, 2025
WAGO
Attack path
Attack VectorNetwork
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary
WAGO Fully Managed and Lean Managed industrial network switches (0852-0303, 0852-1305, 0852-1505, 0852-1812, 0852-1813, 0852-1816 and variants) are affected by the Year 2038 Problem, which occurs on January 19, 2038, at 03:14:07 UTC. The switches use a 32-bit integer to represent time as seconds since January 1, 1970. When this value exceeds the maximum for a 32-bit signed integer, it will overflow and reset to a negative number, corrupting logging and timestamp-dependent functionality. Only the logging functionality is affected. No firmware update is planned by WAGO.
What this means
What could happen
In January 2038, WAGO switches will experience a time overflow that will corrupt or stop logging functionality, potentially preventing audit trails of network configuration changes and security events.
Who's at risk
Water and utility operators who rely on WAGO managed industrial network switches (models 0852 series) for Ethernet connectivity between control systems, RTUs, and remote terminals. Affected devices include fully managed switches (0852-0303, 0852-1305, 0852-1505) and lean managed switches (0852-1812, 0852-1813, 0852-1816). Any facility using these switches for critical infrastructure network monitoring should be concerned.
How it could be exploited
An attacker cannot directly exploit this vulnerability. The time overflow occurs automatically on January 19, 2038, at 03:14:07 UTC when the internal 32-bit time counter exceeds its maximum value. After this date, any logging or timestamp-dependent features on affected switches will fail or produce incorrect records.
Prerequisites
- Device must reach January 19, 2038 or later without a firmware update
- Logging or time-dependent features must be active on the switch
no patch availableaffects network logging and audit trail integritytime-based failure will occur automatically in 2038
Exploitability
Unlikely to be exploited — EPSS score 0.3%
Affected products (13)
13 EOL
ProductAffected VersionsFix Status
Fully Managed Switches 0852-0303All versionsNo fix (EOL)
Fully Managed Switches 0852-1305All versionsNo fix (EOL)
Fully Managed Switches 0852-1505All versionsNo fix (EOL)
Fully Managed Switches 0852-1305/0000-0001All versionsNo fix (EOL)
Fully Managed Switches 0852-1505/0000-0001All versionsNo fix (EOL)
Lean Managed Switches 0852-1812All versionsNo fix (EOL)
Lean Managed Switches 0852-1813All versionsNo fix (EOL)
Lean Managed Switches 0852-1816All versionsNo fix (EOL)
Remediation & Mitigation
0/3
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
WORKAROUNDImplement external logging or syslog forwarding to a server with 64-bit time support to maintain audit records independent of the switch's internal clock
Mitigations - no patch available
0/2The following products have reached End of Life with no planned fix: Fully Managed Switches 0852-0303, Fully Managed Switches 0852-1305, Fully Managed Switches 0852-1505, Fully Managed Switches 0852-1305/0000-0001, Fully Managed Switches 0852-1505/0000-0001, Lean Managed Switches 0852-1812, Lean Managed Switches 0852-1813, Lean Managed Switches 0852-1816, Lean Managed Switches 0852-1813/0000-0001, Lean Managed Switches 0852-1812/0010-0000, Lean Managed Switches 0852-1813/0010-0000, Lean Managed Switches 0852-1813/0010-0001, Lean Managed Switches 0852-1816/0010-0000. Apply the following compensating controls:
HARDENINGPlan replacement of affected WAGO switches (0852-0303, 0852-1305, 0852-1505, 0852-1812, 0852-1813, 0852-1816 and variants) before January 2038 with models that support 64-bit time representation
HARDENINGDocument current switch firmware versions and serial numbers in your audit trail now, since logging will be unreliable after 2038
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/31cffba8-0e32-4742-b5dc-d298a7d68e68Get OT security insights every Tuesday
Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.