4.6
CVE-2019-13535
- EPSS 0.35%
- Veröffentlicht 08.11.2019 20:15:10
- Zuletzt bearbeitet 22.05.2025 19:15:22
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginMedtronic Valleylab FT10 and LS10 Protection Mechanism Failure
In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read access of the RFID security mechanism data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Medtronic ≫ Valleylab Ft10 Energy Platform Firmware Version2.0.3
Medtronic ≫ Valleylab Ft10 Energy Platform Firmware Version2.1.0
Medtronic ≫ Valleylab Ls10 Energy Platform Firmware Version <= 1.20.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.269 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.6 | 0.9 | 3.6 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:P/I:N/A:N
|
| ics-cert@hq.dhs.gov | 4.6 | 0.9 | 3.6 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-693 Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
https://www.us-cert.gov/ics/advisories/icsma-19-311-01
https://global.medtronic.com/xg-en/product-security/security-bulletins/valleylab-generator-rfid-vulnerabilities.html
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-311-01