4.8
CVE-2019-13531
- EPSS 0.39%
- Veröffentlicht 08.11.2019 20:15:10
- Zuletzt bearbeitet 22.05.2025 19:15:22
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginMedtronic Valleylab FT10 and LS10 Improper Authentication
In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments can be bypassed, allowing for inauthentic instruments to connect to the generator.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Medtronic ≫ Valleylab Ft10 Energy Platform Firmware Version2.0.3
Medtronic ≫ Valleylab Ft10 Energy Platform Firmware Version2.1.0
Medtronic ≫ Valleylab Ls10 Energy Platform Firmware Version <= 1.20.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.39% | 0.304 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.6 | 0.9 | 3.6 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:N/I:P/A:N
|
| ics-cert@hq.dhs.gov | 4.8 | 0.5 | 4.2 |
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
https://www.us-cert.gov/ics/advisories/icsma-19-311-01
https://global.medtronic.com/xg-en/product-security/security-bulletins/valleylab-generator-rfid-vulnerabilities.html
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-311-01