Time Manipulation Vulnerability in Affected Device by Vendor
CVE-2025-0101

6.5MEDIUM

Key Information:

Vendor
Wago
Status
Cc100 0751-9x01
Pfc100 G1 0750-810x/xxxx-xxxx
Pfc100 G2 0750-811x-xxxx-xxxx
Pfc200 G1 750-820x-xxx-xxx
Vendor
CVE Published:
16 April 2025

Summary

A low privileged user can manipulate the device date settings to January 19, 2038, surpassing the 32-bit time representation limit. This can lead to unexpected behavior of functions, potentially causing them to malfunction during runtime or after rebooting the device. It is essential for users to be aware of the implications of this vulnerability and to take necessary precautions to secure their systems.

Affected Version(s)

CC100 0751-9x01 0 < 04.07.01

PFC100 G1 0750-810x/xxxx-xxxx 0 < 3.10.11

PFC100 G1 0750-810x/xxxx-xxxx 0 < 03.10.11

References

https://cert.vde.com/en/advisories/VDE-2025-007

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Marcus Kramhöller from Noris Automatio GmbH
.
CVE-2025-0101 : Time Manipulation Vulnerability in Affected Device by Vendor | SecurityVulnerability.io