#VU22638 Protection Mechanism Failure


Published: 2019-11-11

Vulnerability identifier: #VU22638

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-13535

CWE-ID: CWE-693

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Valleylab LS10 Energy Platform
Hardware solutions / Other hardware appliances
Valleylab FT10 Energy Platform
Hardware solutions / Other hardware appliances

Vendor: Medtronic

Description

The vulnerability allows a local attacker to bypass certain restrictions.

The vulnerability exists due to the RFID security mechanism does not apply read protection. An attacker with physical access to the device can gain full read access of the RFID security mechanism data.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Valleylab LS10 Energy Platform: 1.20.2

Valleylab FT10 Energy Platform: 2.0.3 - 2.1.0


CPE

External links
http://www.us-cert.gov/ics/advisories/icsma-19-311-01


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability