Multiple vulnerabilities in Medtronic Valleylab products

Published: 2019-11-11 | Updated: 2019-11-11
Severity: Medium
Patch available: YES
Number of vulnerabilities: 4
CVE ID: CVE-2019-13531, CVE-2019-13535, CVE-2019-13543, CVE-2019-13539
CWE ID: CWE-287, CWE-693, CWE-798
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Valleylab LS10 Energy Platform, Valleylab FT10 Energy Platform, Valleylab FX8 Energy Platform, Valleylab Exchange Client
Vendor: Medtronic

Security Advisory

1) Improper Authentication

Severity: Low

CVSSv3: 4.2 [CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-13531

CWE-ID: CWE-287 - Improper Authentication

Description

The vulnerability allows a local attacker to bypass the authentication process.

The vulnerability exists due to an error in the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments. An attacker with physical access to the device can connect inauthentic instruments to the generator, bypass the authentication process and gain unauthorized access to the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Valleylab LS10 Energy Platform: -, 1.20.2

Valleylab FT10 Energy Platform: -, 2.0.3, 2.1.0

External links

https://www.us-cert.gov/ics/advisories/icsma-19-311-01

Q & A

Can this vulnerability be exploited remotely?

No. The attacker must have physical access to the system to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Protection Mechanism Failure

Severity: Low

CVSSv3: 4 [CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13535

CWE-ID: CWE-693 - Protection Mechanism Failure

Description

The vulnerability allows a local attacker to bypass certain restrictions.

The vulnerability exists because the RFID security mechanism does not apply read protection. An attacker with physical access to the device can gain full read access to the RFID security mechanism data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Valleylab LS10 Energy Platform: -, 1.20.2

Valleylab FT10 Energy Platform: -, 2.0.3, 2.1.0

External links

https://www.us-cert.gov/ics/advisories/icsma-19-311-01

Q & A

Can this vulnerability be exploited remotely?

No. The attacker must have physical access to the system to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use of hard-coded credentials

Severity: Medium

CVSSv3: 5.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-13543

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Description

The vulnerability allows a remote attacker to gain full access to the vulnerable system.

The vulnerability exists due to the presence of hard-coded credentials in the application code. A remote unauthenticated attacker can access the affected system using the hard-coded credentials and read files on the target system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Valleylab FX8 Energy Platform: -, 1.1.0

Valleylab FT10 Energy Platform: -, 4.0.0

Valleylab Exchange Client: -, 3.4

External links

https://www.us-cert.gov/ics/advisories/icsma-19-311-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Reversible One-Way Hash

Severity: Low

CVSSv3: 6.1 [CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-13539

CWE-ID: -

Description

The vulnerability allows a local user to bypass authentication on the target system.

The vulnerability exists because the affected products use the descrypt algorithm for OS password hashing. While interactive, network-based logins are disabled, a local user can use other vulnerabilities to obtain local shell access and access these hashes.

Mitigation

Install updates from vendor's website.
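
As an added example (not part of the advisory or of the vendor's update), the following Python audit reads shadow-format lines and flags accounts whose password field is stored in a DES-based crypt(3) format or md5crypt, the class of weak OS password hashing described above. The format patterns, the `WEAK` set and the constructed `SAMPLE` lines are assumptions for illustration; the layout of the password store on the affected devices is not given on this page.

```python
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars, no "$" prefix.
DESCRYPT = re.compile(r"[./0-9A-Za-z]{13}")
# BSDi extended DES: "_" + 4 round-count chars + 4 salt chars + 11 hash chars.
BSDICRYPT = re.compile(r"_[./0-9A-Za-z]{19}")
# Modular crypt format identifiers ("$id$...").
MODULAR = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
# Schemes treated as findings in this example (an assumption, adjust to policy).
WEAK = {"descrypt", "bsdicrypt", "md5crypt"}

def classify(field):
    """Name the hashing scheme of a shadow password field."""
    value = field.lstrip("!")          # a leading "!" marks a locked account
    if value in ("", "*"):
        return "locked-or-empty"
    if value.startswith("$"):
        parts = value.split("$")
        return MODULAR.get(parts[1], "unknown") if len(parts) > 2 else "unknown"
    if DESCRYPT.fullmatch(value):
        return "descrypt"
    if BSDICRYPT.fullmatch(value):
        return "bsdicrypt"
    return "unknown"

def audit(shadow_text):
    """Return (user, scheme) for every account stored with a weak scheme."""
    findings = []
    for line in shadow_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, field = line.split(":")[:2]
        scheme = classify(field)
        if scheme in WEAK:
            findings.append((user, scheme))
    return findings

# Constructed sample: the hash fields are placeholders with the right shape,
# not real hashes.
SAMPLE = """\
root:abCdEfGhIjKlM:18000:0:99999:7:::
service:$6$examplesalt$PLACEHOLDERHASH:18000:0:99999:7:::
daemon:*:18000:0:99999:7:::
legacy:!xyAbCdEfGhIjK:18000:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE):
        print(f"{user}: {scheme} hash, reset the password under a modern scheme")
```

A locked account (`!` prefix) is still reported when a weak hash is retained behind the lock marker, since the hash remains readable to anyone who obtains the file.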

Vulnerable software versions

Valleylab FX8 Energy Platform: -, 1.1.0

Valleylab Exchange Client: -, 3.4

Valleylab FT10 Energy Platform: -, 4.0.0

External links

https://www.us-cert.gov/ics/advisories/icsma-19-311-02

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.