Home / Early Warning / Vulnerabilidades / CVE-2019-13531

CVE-2019-13531

Type: 
Authentication Issues
Severity: 
Low
Publication date: 
11/08/2019
Last modified: 
11/15/2019
Description
In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN?not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments can be bypassed, allowing for inauthentic instruments to connect to the generator.
Impact
Access Vector: Local
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Partially affects on system integrity + No impact on system confidentiality + No impact on system availability
Vulnerable software and versions
  • cpe:2.3:o:medtronic:valleylab_ls10_energy_platform_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:medtronic:valleylab_ft10_energy_platform_firmware:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:h:medtronic:valleylab_ls10_energy_platform:-:*:*:*:*:*:*:*
  • cpe:2.3:h:medtronic:valleylab_ft10_energy_platform:-:*:*:*:*:*:*:*
To consult the complete list of products and versions see this page
References to Advisories, Solutions, and Tools
Explanation of fields