7.5
CVE-2019-13543
- EPSS 1.9%
- Veröffentlicht 08.11.2019 20:15:10
- Zuletzt bearbeitet 22.05.2025 19:15:23
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginMedtronic Valleylab FT10 and FX8 Use of Hard-coded Credentials
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Medtronic ≫ Valleylab Exchange Client Version <= 3.4
Medtronic ≫ Valleylab Ft10 Energy Platform Firmware Version <= 4.0.0
Medtronic ≫ Valleylab Fx8 Energy Platform Firmware Version <= 1.1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.9% | 0.769 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| ics-cert@hq.dhs.gov | 5.8 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
|
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.
https://www.us-cert.gov/ics/advisories/icsma-19-311-02
https://global.medtronic.com/xg-en/product-security/security-bulletins/valleylab-generator-rfid-vulnerabilities.html
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-311-02