Belden GarrettCom · Magnum 6K · CVE-2015-3959
**Name of the Vulnerable Software and Affected Versions**
Belden GarrettCom Magnum 6K and Magnum 10K switches, firmware versions prior to 4.5.6
**Description**
The firmware of the affected switches contains a hardcoded serial-console password for a privileged account. A physically proximate attacker who knows this password might obtain access by establishing a console session to a nonstandard installation where this account is enabled.
**Recommendations**
For firmware versions prior to 4.5.6, update to version 4.5.6 or later to resolve the issue. As a temporary workaround, consider disabling the privileged account with the hardcoded serial-console password until a patch is available. Restrict physical access to the switches to minimize the risk of exploitation.