Time Manipulation Vulnerability in Affected Device by Vendor
CVE-2025-0101

6.5MEDIUM

Key Information:

Vendor: Wago
Status: Cc100 0751-9x01; Pfc100 G1 0750-810x/xxxx-xxxx; Pfc100 G2 0750-811x-xxxx-xxxx; Pfc200 G1 750-820x-xxx-xxx
Vendor: CVE Published:; 16 April 2025

What is CVE-2025-0101?

A low privileged user can manipulate the device date settings to January 19, 2038, surpassing the 32-bit time representation limit. This can lead to unexpected behavior of functions, potentially causing them to malfunction during runtime or after rebooting the device. It is essential for users to be aware of the implications of this vulnerability and to take necessary precautions to secure their systems.

Affected Version(s)

CC100 0751-9x01 0 < 04.07.01

PFC100 G1 0750-810x/xxxx-xxxx 0 < 3.10.11

PFC100 G1 0750-810x/xxxx-xxxx 0 < 03.10.11

References

https://cert.vde.com/en/advisories/VDE-2025-007

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2025
Vulnerability Reserved
Dec 19, 2024

Credit

Marcus Kramhöller from Noris Automatio GmbH

Wago

What is CVE-2025-0101?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit