#VU22638 Protection Mechanism Failure in Valleylab LS10 Energy Platform and Valleylab FT10 Energy Platform


Published: 2019-11-11

Vulnerability identifier: #VU22638

Vulnerability risk: Low

CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13535

CWE-ID: CWE-693

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Valleylab LS10 Energy Platform (Hardware solutions / Other hardware appliances)
Valleylab FT10 Energy Platform (Hardware solutions / Other hardware appliances)

Vendor: Medtronic

Description

The vulnerability allows a local attacker to bypass certain restrictions.

The vulnerability exists because the RFID security mechanism does not apply read protection. An attacker with physical access to the device can gain full read access to the RFID security mechanism data.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Valleylab LS10 Energy Platform: 1.20.2

Valleylab FT10 Energy Platform: 2.0.3 - 2.1.0


External links
http://www.us-cert.gov/ics/advisories/icsma-19-311-01


Q & A

Can this vulnerability be exploited remotely?

No. The attacker must have physical access to the system to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

