Main Vulnerability Database Vulnerabilities #VU22638

#VU22638 Protection Mechanism Failure in Valleylab LS10 Energy Platform and Valleylab FT10 Energy Platform - CVE-2019-13535

Published: November 11, 2019

Vulnerability identifier: #VU22638

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-13535

CWE-ID: CWE-693

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Valleylab LS10 Energy Platform
Valleylab FT10 Energy Platform

Software vendor:
Medtronic

Description

The vulnerability allows a local attacker to bypass certain restrictions.

The vulnerability exists due to the RFID security mechanism does not apply read protection. An attacker with physical access to the device can gain full read access of the RFID security mechanism data.

Remediation

Install updates from vendor's website.

External links

https://www.us-cert.gov/ics/advisories/icsma-19-311-01

#VU22638 Protection Mechanism Failure in Valleylab LS10 Energy Platform and Valleylab FT10 Energy Platform - CVE-2019-13535

Description

Remediation

External links

Please verify you're human