Sign-up

ID

VAR-201911-1203


CVE

CVE-2019-13531


TITLE

Medtronic Valleylab FT10 Energy Platform and Valleylab LS10 Energy Platform Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-011945

DESCRIPTION

In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments can be bypassed, allowing for inauthentic instruments to connect to the generator. Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) and Valleylab LS10 Energy Platform Contains an authentication vulnerability.Information may be tampered with. Medtronic Valleylab FT10 (VLFT10GEN) 2.1.0 and earlier, 2.0.3 and earlier and Valleylab LS10 Energy Platform (VLLS10GEN) 1.20.2 and earlier have an authorization vulnerability that an attacker can use to make an unreal instrument Connect to the generator

Trust: 2.34

sources: NVD: CVE-2019-13531 // JVNDB: JVNDB-2019-011945 // CNVD: CNVD-2019-41421 // IVD: 13ef7a37-a647-47cc-af62-736a827b0687

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 13ef7a37-a647-47cc-af62-736a827b0687 // CNVD: CNVD-2019-41421

AFFECTED PRODUCTS

vendor:medtronicmodel:valleylab ls10 energy platformscope:lteversion:1.20.2

Trust: 1.8

vendor:medtronicmodel:valleylab ft10 energy platformscope:eqversion:2.0.3

Trust: 1.0

vendor:medtronicmodel:valleylab ft10 energy platformscope:eqversion:2.1.0

Trust: 1.0

vendor:medtronicmodel:valleylab ft10 energy platformscope:lteversion:2.0.3

Trust: 0.8

vendor:medtronicmodel:valleylab ft10 energy platformscope:lteversion:2.1.0

Trust: 0.8

vendor:medtronicmodel:valleylab ft10scope:lteversion:<=2.1.0

Trust: 0.6

vendor:medtronicmodel:valleylab ft10scope:lteversion:<=2.0.3

Trust: 0.6

vendor:medtronicmodel:valleylab ls10 energy platformscope:lteversion:<=1.20.2

Trust: 0.6

vendor:valleylab ft10 energy platformmodel: - scope:eqversion:2.0.3

Trust: 0.2

vendor:valleylab ft10 energy platformmodel: - scope:eqversion:2.1.0

Trust: 0.2

vendor:valleylab ls10 energy platformmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 13ef7a37-a647-47cc-af62-736a827b0687 // CNVD: CNVD-2019-41421 // JVNDB: JVNDB-2019-011945 // NVD: CVE-2019-13531

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13531
value: MEDIUM

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2019-13531
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-13531
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-41421
value: LOW

Trust: 0.6

CNNVD: CNNVD-201911-397
value: MEDIUM

Trust: 0.6

IVD: 13ef7a37-a647-47cc-af62-736a827b0687
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2019-13531
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-41421
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 13ef7a37-a647-47cc-af62-736a827b0687
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-13531
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2019-13531
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
attackVector: PHYSICAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 0.5
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2019-13531
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 13ef7a37-a647-47cc-af62-736a827b0687 // CNVD: CNVD-2019-41421 // JVNDB: JVNDB-2019-011945 // CNNVD: CNNVD-201911-397 // NVD: CVE-2019-13531 // NVD: CVE-2019-13531

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: JVNDB: JVNDB-2019-011945 // NVD: CVE-2019-13531

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201911-397

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-011945

PATCH
title:Top Pageurl:https://www.medtronic.com/us-en/index.html
Trust: 0.8
title:Patch for Medtronic Valleylab FT10 and Valleylab LS10 Energy Platform Licensing Issues Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/191111
Trust: 0.6
title:Medtronic Valleylab FT10  and Valleylab LS10 Energy Platform Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=101866
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-41421 // 
            
            
            
            JVNDB: JVNDB-2019-011945 // 
            
            
            
            CNNVD: CNNVD-201911-397

EXTERNAL IDS
db:NVDid:CVE-2019-13531
Trust: 3.2
db:ICS CERTid:ICSMA-19-311-01
Trust: 3.0
db:CNVDid:CNVD-2019-41421
Trust: 0.8
db:CNNVDid:CNNVD-201911-397
Trust: 0.8
db:JVNDBid:JVNDB-2019-011945
Trust: 0.8
db:AUSCERTid:ESB-2019.4207
Trust: 0.6
db:IVDid:13EF7A37-A647-47CC-AF62-736A827B0687
Trust: 0.2
sources:
            
            
            IVD: 13ef7a37-a647-47cc-af62-736a827b0687 // 
            
            
            
            CNVD: CNVD-2019-41421 // 
            
            
            
            JVNDB: JVNDB-2019-011945 // 
            
            
            
            CNNVD: CNNVD-201911-397 // 
            
            
            
            NVD: CVE-2019-13531

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsma-19-311-01
Trust: 3.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-13531
Trust: 1.4
url:https://global.medtronic.com/xg-en/product-security/security-bulletins/valleylab-generator-rfid-vulnerabilities.html
Trust: 1.0
url:https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-311-01
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13531
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2019.4207/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-41421 // 
            
            
            
            JVNDB: JVNDB-2019-011945 // 
            
            
            
            CNNVD: CNNVD-201911-397 // 
            
            
            
            NVD: CVE-2019-13531

SOURCES
db:IVDid:13ef7a37-a647-47cc-af62-736a827b0687
db:CNVDid:CNVD-2019-41421
db:JVNDBid:JVNDB-2019-011945
db:CNNVDid:CNNVD-201911-397
db:NVDid:CVE-2019-13531

LAST UPDATE DATE
2025-05-23T21:05:34.098000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-41421date:2019-11-20T00:00:00
db:JVNDBid:JVNDB-2019-011945date:2019-11-21T00:00:00
db:CNNVDid:CNNVD-201911-397date:2020-10-10T00:00:00
db:NVDid:CVE-2019-13531date:2025-05-22T19:15:22.673

SOURCES RELEASE DATE
db:IVDid:13ef7a37-a647-47cc-af62-736a827b0687date:2019-11-20T00:00:00
db:CNVDid:CNVD-2019-41421date:2019-11-20T00:00:00
db:JVNDBid:JVNDB-2019-011945date:2019-11-21T00:00:00
db:CNNVDid:CNNVD-201911-397date:2019-11-07T00:00:00
db:NVDid:CVE-2019-13531date:2019-11-08T20:15:10.570