CVE-2025-1235: CWE-190 Integer Overflow or Wraparound in WAGO Fully Managed Switches 0852-0303

Severity: Medium
Type: Vulnerability
ID: CVE-2025-1235
Tags: cve, cve-2025-1235, cwe-190
Published: Mon Jun 02 2025 (06/02/2025, 06:23:19 UTC)
Source: CVE Database V5
Vendor/Project: WAGO
Product: Fully Managed Switches 0852-0303

Description

A low privileged attacker can set the date of the devices to the 19th of January 2038 and therefore exceed the 32-Bit time limit. This causes the date of the switch to be set back to January 1st, 1970.

AI-Powered Analysis

Last updated: 07/09/2025, 12:25:09 UTC

Technical Analysis

CVE-2025-1235 is an integer overflow vulnerability (CWE-190) affecting WAGO Fully Managed Switches model 0852-0303. The vulnerability arises from the device's handling of time values using a 32-bit signed integer, which is subject to the Year 2038 problem. Specifically, a low-privileged attacker can manipulate the device's date setting to January 19, 2038, the critical overflow point for 32-bit time representations. When this date is set, the internal time counter exceeds the maximum value representable by a 32-bit signed integer, causing an integer overflow or wraparound. As a result, the device's date resets to January 1, 1970, the Unix epoch start date. This erroneous time reset can lead to incorrect system logs, misaligned scheduled tasks, and potential disruption of time-dependent network functions. The vulnerability requires low privileges but no user interaction and can be exploited remotely (network vector). The CVSS v3.1 base score is 4.3, indicating a medium severity primarily due to the impact on integrity without affecting confidentiality or availability. No known exploits are currently reported in the wild, and no patches have been published yet. The vulnerability affects all versions of the specified switch model, highlighting a systemic flaw in the time handling implementation.

Potential Impact

For European organizations, the impact of this vulnerability can be significant in environments relying on WAGO Fully Managed Switches 0852-0303 for critical network infrastructure. The incorrect system time can disrupt logging accuracy, complicating incident response and forensic investigations. Time-dependent functions such as SNTP/NTP synchronization, certificate validation, and scheduled automation tasks may fail or behave unpredictably, potentially causing network instability or degraded service quality. While the vulnerability does not directly compromise confidentiality or availability, the integrity of network operations and monitoring is affected. This can lead to compliance issues, especially under regulations like GDPR, where accurate logging and audit trails are mandatory. Industrial and automation sectors using these switches may experience operational disruptions due to misaligned control sequences or event triggers. Given the low privilege required for exploitation, insider threats or compromised internal hosts could leverage this vulnerability to degrade network reliability.

Mitigation Recommendations

Since no official patches are currently available, European organizations should implement compensating controls. Network administrators should restrict access to the management interfaces of WAGO switches to trusted personnel and networks only, employing network segmentation and strict access control lists (ACLs). Monitoring and alerting for unusual date/time changes on these devices should be established to detect exploitation attempts promptly. Where possible, disable remote date/time configuration or enforce authenticated and encrypted management protocols (e.g., SSH, HTTPS) to prevent unauthorized changes. Organizations should also prepare for patch deployment by maintaining close contact with WAGO for updates and testing firmware updates in controlled environments before production rollout. Additionally, integrating time synchronization from reliable external NTP servers can help maintain correct device time and potentially override malicious manual changes. Finally, updating incident response plans to consider time manipulation scenarios will improve resilience.
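The monitoring recommendation above can be implemented at the log collector by comparing each device-reported timestamp with the collector's own receive time. The following is an added example, not code from the advisory or from WAGO; the record layout, host names, thresholds and sample lines are constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

INT32_MAX = 2**31 - 1  # largest value of a signed 32-bit seconds counter
# Last instant such a counter can represent: 2038-01-19T03:14:07Z
ROLLOVER = datetime(1970, 1, 1, tzinfo=timezone.utc) + timedelta(seconds=INT32_MAX)
NEAR_ROLLOVER = timedelta(days=1)   # assumed alert window before the limit
EPOCH_CEILING = datetime(1971, 1, 1, tzinfo=timezone.utc)  # clock is back in 1970
MAX_DRIFT = timedelta(minutes=5)    # assumed tolerance against the collector clock

# Assumed layout (not a WAGO format): <collector rx time> <host> <device time> <message>
RECORD = re.compile(r"^(?P<rx>\S+) (?P<host>\S+) (?P<dev>\S+) (?P<msg>.*)$")

SAMPLE_LOG = """\
2025-06-02T06:30:00+00:00 sw-cab-01 2025-06-02T06:29:58+00:00 link up port 3
2025-06-02T06:31:10+00:00 sw-cab-01 2038-01-19T03:14:00+00:00 system time changed
2025-06-02T06:31:20+00:00 sw-cab-01 1970-01-01T00:00:05+00:00 link down port 7
2025-06-02T06:40:00+00:00 sw-cab-02 2025-06-02T06:47:30+00:00 link up port 1
"""

def classify(rx, dev):
    """Return an alert reason for one record, or None if the clock looks sane."""
    if dev < EPOCH_CEILING:
        return "epoch-reset"
    if dev >= ROLLOVER - NEAR_ROLLOVER:
        return "near-2038-rollover"
    if abs(dev - rx) > MAX_DRIFT:
        return "clock-drift"
    return None

def scan(log_text):
    """Return (host, device_time, reason) for every suspicious record."""
    alerts = []
    for line in log_text.splitlines():
        m = RECORD.match(line)
        if not m:
            continue  # line does not fit the assumed layout
        try:
            rx, dev = (datetime.fromisoformat(m[k]) for k in ("rx", "dev"))
            reason = classify(rx, dev)
        except (ValueError, TypeError):
            continue  # unparseable or timezone-less timestamp
        if reason:
            alerts.append((m["host"], m["dev"], reason))
    return alerts

if __name__ == "__main__":
    for host, dev_time, reason in scan(SAMPLE_LOG):
        print(f"ALERT {reason}: {host} reports {dev_time}")
```

The check relies on the collector stamping records with its own clock, so a manipulated device clock cannot hide the change.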

Technical Details

Data Version: 5.1
Assigner Short Name: CERTVDE
Date Reserved: 2025-02-11T15:46:42.856Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 683d4476182aa0cae237287d

Added to database: 6/2/2025, 6:28:06 AM

Last enriched: 7/9/2025, 12:25:09 PM

Last updated: 8/8/2025, 12:22:56 PM
