Multiple vulnerabilities in Medtronic Valleylab pruducts



Published: 2019-11-11
Risk Medium
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2019-13531
CVE-2019-13535
CVE-2019-13543
CVE-2019-13539
CWE-ID CWE-287
CWE-693
CWE-798
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Valleylab LS10 Energy Platform
Hardware solutions / Other hardware appliances

Valleylab FT10 Energy Platform
Hardware solutions / Other hardware appliances

Valleylab FX8 Energy Platform
Hardware solutions / Other hardware appliances

Valleylab Exchange Client
Client/Desktop applications / Other client software

Vendor Medtronic

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Improper Authentication

EUVDB-ID: #VU22637

Risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13531

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a local attacker to bypass authentication process.

The vulnerability exists due to an error in the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments. An attacker with physical access to the device can connect inauthentic instruments to the generator, bypass authentication process and gain unauthorized access to the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Valleylab LS10 Energy Platform: 1.20.2

Valleylab FT10 Energy Platform: 2.0.3 - 2.1.0

External links

http://www.us-cert.gov/ics/advisories/icsma-19-311-01


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Protection Mechanism Failure

EUVDB-ID: #VU22638

Risk: Low

CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13535

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a local attacker to bypass certain restrictions.

The vulnerability exists due to the RFID security mechanism does not apply read protection. An attacker with physical access to the device can gain full read access of the RFID security mechanism data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Valleylab LS10 Energy Platform: 1.20.2

Valleylab FT10 Energy Platform: 2.0.3 - 2.1.0

External links

http://www.us-cert.gov/ics/advisories/icsma-19-311-01


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use of hard-coded credentials

EUVDB-ID: #VU22640

Risk: Medium

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13543

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain full access to vulnerable system.

The vulnerability exists due to presence of hard-coded credentials in application code. A remote unauthenticated attacker can access the affected system using the hard-coded credentials and read files on the target system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Valleylab FX8 Energy Platform: 1.1.0

Valleylab FT10 Energy Platform: 4.0.0

Valleylab Exchange Client: 3.4

External links

http://www.us-cert.gov/ics/advisories/icsma-19-311-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Reversible One-Way Hash

EUVDB-ID: #VU22639

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13539

CWE-ID: N/A

Exploit availability: No

Description

The vulnerability allows a local user to bypass authentication on the target system.

The vulnerability exists due to the the affected products use the decrypt algorithm for OS password hashing. While interactive, network-based logins are disable and local user can use other vulnerabilities to obtain local shell access and access these hashes.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Valleylab FX8 Energy Platform: 1.1.0

Valleylab Exchange Client: 3.4

Valleylab FT10 Energy Platform: 4.0.0

External links

http://www.us-cert.gov/ics/advisories/icsma-19-311-02


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###