Search criteria
6 vulnerabilities found for Valleylab Exchange Client by Medtronic
VAR-201911-1205
Vulnerability from variot - Updated: 2023-12-18 12:50Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes. Medtronic Valleylab FT10 and Valleylab FX8 are both a power supply device for the medical industry from Medtronic
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1205",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "valleylab exchange client",
"scope": "lte",
"trust": 1.8,
"vendor": "medtronic",
"version": "3.4"
},
{
"model": "valleylab ft10 energy platform",
"scope": "lte",
"trust": 1.8,
"vendor": "medtronic",
"version": "4.0.0"
},
{
"model": "valleylab fx8 energy platform",
"scope": "lte",
"trust": 1.8,
"vendor": "medtronic",
"version": "1.1.0"
},
{
"model": "valleylab exchange",
"scope": "lte",
"trust": 0.6,
"vendor": "medtronic",
"version": "\u003c=3.4"
},
{
"model": "valleylab ft10",
"scope": "lte",
"trust": 0.6,
"vendor": "medtronic",
"version": "\u003c=4.0.0"
},
{
"model": "valleylab fx8",
"scope": "lte",
"trust": 0.6,
"vendor": "medtronic",
"version": "\u003c=1.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "valleylab exchange client",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "valleylab ft10 energy platform",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "valleylab fx8 energy platform",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75"
},
{
"db": "CNVD",
"id": "CNVD-2019-41424"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"db": "NVD",
"id": "CVE-2019-13539"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:medtronic:valleylab_exchange_client:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:valleylab_ft10_energy_platform_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:valleylab_ft10_energy_platform:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:valleylab_fx8_energy_platform_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:valleylab_fx8_energy_platform:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13539"
}
]
},
"cve": "CVE-2019-13539",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-13539",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-41424",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-13539",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-13539",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-41424",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-432",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75"
},
{
"db": "CNVD",
"id": "CNVD-2019-41424"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"db": "NVD",
"id": "CVE-2019-13539"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-432"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes. Medtronic Valleylab FT10 and Valleylab FX8 are both a power supply device for the medical industry from Medtronic",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13539"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"db": "CNVD",
"id": "CNVD-2019-41424"
},
{
"db": "IVD",
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13539",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSMA-19-311-02",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2019-41424",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201911-432",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011886",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.4211",
"trust": 0.6
},
{
"db": "IVD",
"id": "A983492D-DC48-4E04-9CD7-E50F961E4F75",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75"
},
{
"db": "CNVD",
"id": "CNVD-2019-41424"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"db": "NVD",
"id": "CVE-2019-13539"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-432"
}
]
},
"id": "VAR-201911-1205",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75"
},
{
"db": "CNVD",
"id": "CNVD-2019-41424"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75"
},
{
"db": "CNVD",
"id": "CNVD-2019-41424"
}
]
},
"last_update_date": "2023-12-18T12:50:26.397000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.medtronic.com/us-en/index.html"
},
{
"title": "Patch for Valleylab FT10 and Valleylab FX8 Input Validation Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/191117"
},
{
"title": "Medtronic Valleylab FT10 Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=102695"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41424"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-432"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"db": "NVD",
"id": "CVE-2019-13539"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13539"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13539"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4211/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41424"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"db": "NVD",
"id": "CVE-2019-13539"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-432"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75"
},
{
"db": "CNVD",
"id": "CNVD-2019-41424"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"db": "NVD",
"id": "CVE-2019-13539"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-432"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "IVD",
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75"
},
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41424"
},
{
"date": "2019-11-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"date": "2019-11-08T20:15:10.743000",
"db": "NVD",
"id": "CVE-2019-13539"
},
{
"date": "2019-11-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-432"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41424"
},
{
"date": "2019-11-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"date": "2020-10-09T13:11:28.173000",
"db": "NVD",
"id": "CVE-2019-13539"
},
{
"date": "2020-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-432"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-432"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Medtronic Valleylab Vulnerability related to input validation in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011886"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-432"
}
],
"trust": 0.6
}
}
VAR-201911-1206
Vulnerability from variot - Updated: 2023-12-18 12:50Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device. Medtronic Valleylab FT10 and Valleylab FX8 are both a power supply device for the medical industry from Medtronic
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1206",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "valleylab exchange client",
"scope": "lte",
"trust": 1.8,
"vendor": "medtronic",
"version": "3.4"
},
{
"model": "valleylab ft10 energy platform",
"scope": "lte",
"trust": 1.8,
"vendor": "medtronic",
"version": "4.0.0"
},
{
"model": "valleylab fx8 energy platform",
"scope": "lte",
"trust": 1.8,
"vendor": "medtronic",
"version": "1.1.0"
},
{
"model": "valleylab exchange",
"scope": "lte",
"trust": 0.6,
"vendor": "medtronic",
"version": "\u003c=3.4"
},
{
"model": "valleylab ft10",
"scope": "lte",
"trust": 0.6,
"vendor": "medtronic",
"version": "\u003c=4.0.0"
},
{
"model": "valleylab fx8",
"scope": "lte",
"trust": 0.6,
"vendor": "medtronic",
"version": "\u003c=1.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "valleylab exchange client",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "valleylab ft10 energy platform",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "valleylab fx8 energy platform",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57"
},
{
"db": "CNVD",
"id": "CNVD-2019-41423"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"db": "NVD",
"id": "CVE-2019-13543"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:medtronic:valleylab_exchange_client:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:valleylab_ft10_energy_platform_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:valleylab_ft10_energy_platform:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:valleylab_fx8_energy_platform_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:valleylab_fx8_energy_platform:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13543"
}
]
},
"cve": "CVE-2019-13543",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-13543",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-41423",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-13543",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-13543",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-41423",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-441",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57"
},
{
"db": "CNVD",
"id": "CNVD-2019-41423"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"db": "NVD",
"id": "CVE-2019-13543"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-441"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device. Medtronic Valleylab FT10 and Valleylab FX8 are both a power supply device for the medical industry from Medtronic",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13543"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"db": "CNVD",
"id": "CNVD-2019-41423"
},
{
"db": "IVD",
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13543",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSMA-19-311-02",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2019-41423",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201911-441",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011837",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.4211",
"trust": 0.6
},
{
"db": "IVD",
"id": "5265EE01-224F-4B99-AAE3-E9FA05D91A57",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57"
},
{
"db": "CNVD",
"id": "CNVD-2019-41423"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"db": "NVD",
"id": "CVE-2019-13543"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-441"
}
]
},
"id": "VAR-201911-1206",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57"
},
{
"db": "CNVD",
"id": "CNVD-2019-41423"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57"
},
{
"db": "CNVD",
"id": "CNVD-2019-41423"
}
]
},
"last_update_date": "2023-12-18T12:50:26.368000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.medtronic.com/us-en/index.html"
},
{
"title": "Patch for Valleylab FT10 and Valleylab FX8 Trust Management Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/191115"
},
{
"title": "Medtronic Valleylab FT10 Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=105729"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41423"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-441"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"db": "NVD",
"id": "CVE-2019-13543"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13543"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13543"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4211/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41423"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"db": "NVD",
"id": "CVE-2019-13543"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-441"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57"
},
{
"db": "CNVD",
"id": "CNVD-2019-41423"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"db": "NVD",
"id": "CVE-2019-13543"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-441"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "IVD",
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57"
},
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41423"
},
{
"date": "2019-11-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"date": "2019-11-08T20:15:10.853000",
"db": "NVD",
"id": "CVE-2019-13543"
},
{
"date": "2019-11-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-441"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41423"
},
{
"date": "2019-11-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"date": "2019-11-13T21:07:34.660000",
"db": "NVD",
"id": "CVE-2019-13543"
},
{
"date": "2020-07-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-441"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-441"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Medtronic Valleylab Vulnerabilities related to the use of hard-coded credentials in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011837"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-441"
}
],
"trust": 0.6
}
}
CVE-2019-13539 (GCVE-0-2019-13539)
Vulnerability from cvelistv5 – Published: 2019-11-08 19:07 – Updated: 2025-05-22 19:06
VLAI?
Title
Medtronic Valleylab FT10 and FX8 Reversible One-way Hash
Summary
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Medtronic | Valleylab Exchange Client |
Affected:
0 , ≤ 3.4
(c)
|
||||||||||||
|
||||||||||||||
Credits
Medtronic reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Valleylab Exchange Client",
"vendor": "Medtronic",
"versions": [
{
"lessThanOrEqual": "3.4",
"status": "affected",
"version": "0",
"versionType": "c"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Valleylab FT10 Energy Platform (VLFT10GEN)",
"vendor": "Medtronic",
"versions": [
{
"lessThanOrEqual": "software version 4.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Valleylab FX8 Energy Platform (VLFX8GEN)",
"vendor": "Medtronic",
"versions": [
{
"lessThanOrEqual": "software version 1.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Medtronic reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nMedtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes.\n\n\u003c/p\u003e"
}
],
"value": "Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-328",
"description": "CWE-328",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T19:06:39.644Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-311-02"
},
{
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/valleylab-generator-rfid-vulnerabilities.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSoftware patches are currently available for the FT10 platform and will be available in early 2020 for the FX8 platform. Until these updates can be applied, Medtronic recommends to either disconnect affected products from IP networks or to segregate those networks, such that the devices are not accessible from an untrusted network (e.g., Internet). Patches can be downloaded at the following location:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/covidien/en-us/support/software.html\"\u003ehttps://www.medtronic.com/covidien/en-us/support/software.html\u003c/a\u003e\u003c/p\u003e\u003cp\u003eMedtronic has released additional patient focused information, at the following location:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/security\"\u003ehttps://www.medtronic.com/security\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "Software patches are currently available for the FT10 platform and will be available in early 2020 for the FX8 platform. Until these updates can be applied, Medtronic recommends to either disconnect affected products from IP networks or to segregate those networks, such that the devices are not accessible from an untrusted network (e.g., Internet). Patches can be downloaded at the following location:\n\n https://www.medtronic.com/covidien/en-us/support/software.html \n\nMedtronic has released additional patient focused information, at the following location:\n\n https://www.medtronic.com/security"
}
],
"source": {
"advisory": "ICSMA-19-311-02",
"discovery": "INTERNAL"
},
"title": "Medtronic Valleylab FT10 and FX8 Reversible One-way Hash",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-13543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Valleylab Exchange Client",
"version": {
"version_data": [
{
"version_value": "version 3.4 and below"
}
]
}
},
{
"product_name": "Valleylab FT10 Energy Platform (VLFT10GEN)",
"version": {
"version_data": [
{
"version_value": "software version 4.0.0 and below"
}
]
}
},
{
"product_name": "Valleylab FX8 Energy Platform (VLFX8GEN)",
"version": {
"version_data": [
{
"version_value": "software version 1.1.0 and below"
}
]
}
}
]
},
"vendor_name": "Medtronic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF HARD-CODED CREDENTIALS CWE-798"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-13539",
"datePublished": "2019-11-08T19:07:59",
"dateReserved": "2019-07-11T00:00:00",
"dateUpdated": "2025-05-22T19:06:39.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13543 (GCVE-0-2019-13543)
Vulnerability from cvelistv5 – Published: 2019-11-08 19:03 – Updated: 2025-05-22 19:03
VLAI?
Title
Medtronic Valleylab FT10 and FX8 Use of Hard-coded Credentials
Summary
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device.
Severity ?
5.8 (Medium)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Medtronic | Valleylab Exchange Client |
Affected:
0 , ≤ 3.4
(c)
|
||||||||||||
|
||||||||||||||
Credits
Medtronic reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Valleylab Exchange Client",
"vendor": "Medtronic",
"versions": [
{
"lessThanOrEqual": "3.4",
"status": "affected",
"version": "0",
"versionType": "c"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Valleylab FT10 Energy Platform (VLFT10GEN)",
"vendor": "Medtronic",
"versions": [
{
"lessThanOrEqual": "software version 4.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Valleylab FX8 Energy Platform (VLFX8GEN)",
"vendor": "Medtronic",
"versions": [
{
"lessThanOrEqual": "software version 1.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Medtronic reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMedtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device.\u003c/p\u003e"
}
],
"value": "Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T19:03:49.976Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-311-02"
},
{
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/valleylab-generator-rfid-vulnerabilities.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSoftware patches are currently available for the FT10 platform and will be available in early 2020 for the FX8 platform. Until these updates can be applied, Medtronic recommends to either disconnect affected products from IP networks or to segregate those networks, such that the devices are not accessible from an untrusted network (e.g., Internet). Patches can be downloaded at the following location:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/covidien/en-us/support/software.html\"\u003ehttps://www.medtronic.com/covidien/en-us/support/software.html\u003c/a\u003e\u003c/p\u003e\u003cp\u003eMedtronic has released additional patient focused information, at the following location:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/security\"\u003ehttps://www.medtronic.com/security\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "Software patches are currently available for the FT10 platform and will be available in early 2020 for the FX8 platform. Until these updates can be applied, Medtronic recommends to either disconnect affected products from IP networks or to segregate those networks, such that the devices are not accessible from an untrusted network (e.g., Internet). Patches can be downloaded at the following location:\n\n https://www.medtronic.com/covidien/en-us/support/software.html \n\nMedtronic has released additional patient focused information, at the following location:\n\n https://www.medtronic.com/security"
}
],
"source": {
"advisory": "ICSMA-19-311-02",
"discovery": "INTERNAL"
},
"title": "Medtronic Valleylab FT10 and FX8 Use of Hard-coded Credentials",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-13543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Valleylab Exchange Client",
"version": {
"version_data": [
{
"version_value": "version 3.4 and below"
}
]
}
},
{
"product_name": "Valleylab FT10 Energy Platform (VLFT10GEN)",
"version": {
"version_data": [
{
"version_value": "software version 4.0.0 and below"
}
]
}
},
{
"product_name": "Valleylab FX8 Energy Platform (VLFX8GEN)",
"version": {
"version_data": [
{
"version_value": "software version 1.1.0 and below"
}
]
}
}
]
},
"vendor_name": "Medtronic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF HARD-CODED CREDENTIALS CWE-798"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-13543",
"datePublished": "2019-11-08T19:03:51",
"dateReserved": "2019-07-11T00:00:00",
"dateUpdated": "2025-05-22T19:03:49.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13539 (GCVE-0-2019-13539)
Vulnerability from nvd – Published: 2019-11-08 19:07 – Updated: 2025-05-22 19:06
VLAI?
Title
Medtronic Valleylab FT10 and FX8 Reversible One-way Hash
Summary
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Medtronic | Valleylab Exchange Client |
Affected:
0 , ≤ 3.4
(c)
|
||||||||||||
|
||||||||||||||
Credits
Medtronic reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Valleylab Exchange Client",
"vendor": "Medtronic",
"versions": [
{
"lessThanOrEqual": "3.4",
"status": "affected",
"version": "0",
"versionType": "c"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Valleylab FT10 Energy Platform (VLFT10GEN)",
"vendor": "Medtronic",
"versions": [
{
"lessThanOrEqual": "software version 4.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Valleylab FX8 Energy Platform (VLFX8GEN)",
"vendor": "Medtronic",
"versions": [
{
"lessThanOrEqual": "software version 1.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Medtronic reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nMedtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes.\n\n\u003c/p\u003e"
}
],
"value": "Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-328",
"description": "CWE-328",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T19:06:39.644Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-311-02"
},
{
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/valleylab-generator-rfid-vulnerabilities.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSoftware patches are currently available for the FT10 platform and will be available in early 2020 for the FX8 platform. Until these updates can be applied, Medtronic recommends to either disconnect affected products from IP networks or to segregate those networks, such that the devices are not accessible from an untrusted network (e.g., Internet). Patches can be downloaded at the following location:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/covidien/en-us/support/software.html\"\u003ehttps://www.medtronic.com/covidien/en-us/support/software.html\u003c/a\u003e\u003c/p\u003e\u003cp\u003eMedtronic has released additional patient focused information, at the following location:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/security\"\u003ehttps://www.medtronic.com/security\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "Software patches are currently available for the FT10 platform and will be available in early 2020 for the FX8 platform. Until these updates can be applied, Medtronic recommends to either disconnect affected products from IP networks or to segregate those networks, such that the devices are not accessible from an untrusted network (e.g., Internet). Patches can be downloaded at the following location:\n\n https://www.medtronic.com/covidien/en-us/support/software.html \n\nMedtronic has released additional patient focused information, at the following location:\n\n https://www.medtronic.com/security"
}
],
"source": {
"advisory": "ICSMA-19-311-02",
"discovery": "INTERNAL"
},
"title": "Medtronic Valleylab FT10 and FX8 Reversible One-way Hash",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-13543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Valleylab Exchange Client",
"version": {
"version_data": [
{
"version_value": "version 3.4 and below"
}
]
}
},
{
"product_name": "Valleylab FT10 Energy Platform (VLFT10GEN)",
"version": {
"version_data": [
{
"version_value": "software version 4.0.0 and below"
}
]
}
},
{
"product_name": "Valleylab FX8 Energy Platform (VLFX8GEN)",
"version": {
"version_data": [
{
"version_value": "software version 1.1.0 and below"
}
]
}
}
]
},
"vendor_name": "Medtronic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF HARD-CODED CREDENTIALS CWE-798"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-13539",
"datePublished": "2019-11-08T19:07:59",
"dateReserved": "2019-07-11T00:00:00",
"dateUpdated": "2025-05-22T19:06:39.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13543 (GCVE-0-2019-13543)
Vulnerability from nvd – Published: 2019-11-08 19:03 – Updated: 2025-05-22 19:03
VLAI?
Title
Medtronic Valleylab FT10 and FX8 Use of Hard-coded Credentials
Summary
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device.
Severity ?
5.8 (Medium)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Medtronic | Valleylab Exchange Client |
Affected:
0 , ≤ 3.4
(c)
|
||||||||||||
|
||||||||||||||
Credits
Medtronic reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Valleylab Exchange Client",
"vendor": "Medtronic",
"versions": [
{
"lessThanOrEqual": "3.4",
"status": "affected",
"version": "0",
"versionType": "c"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Valleylab FT10 Energy Platform (VLFT10GEN)",
"vendor": "Medtronic",
"versions": [
{
"lessThanOrEqual": "software version 4.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Valleylab FX8 Energy Platform (VLFX8GEN)",
"vendor": "Medtronic",
"versions": [
{
"lessThanOrEqual": "software version 1.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Medtronic reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMedtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device.\u003c/p\u003e"
}
],
"value": "Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T19:03:49.976Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-311-02"
},
{
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/valleylab-generator-rfid-vulnerabilities.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSoftware patches are currently available for the FT10 platform and will be available in early 2020 for the FX8 platform. Until these updates can be applied, Medtronic recommends to either disconnect affected products from IP networks or to segregate those networks, such that the devices are not accessible from an untrusted network (e.g., Internet). Patches can be downloaded at the following location:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/covidien/en-us/support/software.html\"\u003ehttps://www.medtronic.com/covidien/en-us/support/software.html\u003c/a\u003e\u003c/p\u003e\u003cp\u003eMedtronic has released additional patient focused information, at the following location:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/security\"\u003ehttps://www.medtronic.com/security\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "Software patches are currently available for the FT10 platform and will be available in early 2020 for the FX8 platform. Until these updates can be applied, Medtronic recommends to either disconnect affected products from IP networks or to segregate those networks, such that the devices are not accessible from an untrusted network (e.g., Internet). Patches can be downloaded at the following location:\n\n https://www.medtronic.com/covidien/en-us/support/software.html \n\nMedtronic has released additional patient focused information, at the following location:\n\n https://www.medtronic.com/security"
}
],
"source": {
"advisory": "ICSMA-19-311-02",
"discovery": "INTERNAL"
},
"title": "Medtronic Valleylab FT10 and FX8 Use of Hard-coded Credentials",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-13543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Valleylab Exchange Client",
"version": {
"version_data": [
{
"version_value": "version 3.4 and below"
}
]
}
},
{
"product_name": "Valleylab FT10 Energy Platform (VLFT10GEN)",
"version": {
"version_data": [
{
"version_value": "software version 4.0.0 and below"
}
]
}
},
{
"product_name": "Valleylab FX8 Energy Platform (VLFX8GEN)",
"version": {
"version_data": [
{
"version_value": "software version 1.1.0 and below"
}
]
}
}
]
},
"vendor_name": "Medtronic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF HARD-CODED CREDENTIALS CWE-798"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-13543",
"datePublished": "2019-11-08T19:03:51",
"dateReserved": "2019-07-11T00:00:00",
"dateUpdated": "2025-05-22T19:03:49.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}