Main Vulnerability Database Vulnerabilities #VU22638

Protection Mechanism Failure in Valleylab LS10 Energy Platform and Valleylab FT10 Energy Platform - CVE-2019-13535

Published: November 11, 2019

Vulnerability identifier: #VU22638

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-13535

CWE-ID: CWE-693

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Medtronic

Affected software:
Valleylab LS10 Energy Platform
Valleylab FT10 Energy Platform

Detailed vulnerability description

The vulnerability allows a local attacker to bypass certain restrictions.

The vulnerability exists due to the RFID security mechanism does not apply read protection. An attacker with physical access to the device can gain full read access of the RFID security mechanism data.

How to mitigate CVE-2019-13535

Install updates from vendor's website.

Sources

https://www.us-cert.gov/ics/advisories/icsma-19-311-01

Protection Mechanism Failure in Valleylab LS10 Energy Platform and Valleylab FT10 Energy Platform - CVE-2019-13535

Detailed vulnerability description

How to mitigate CVE-2019-13535

Sources

Please verify you're human