Sign-up

ID

VAR-201911-1204


CVE

CVE-2019-13535


TITLE

Medtronic Valleylab FT10 and Valleylab LS10 Energy Platform Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-41422 // CNNVD: CNNVD-201911-410

DESCRIPTION

In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read access of the RFID security mechanism data. Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) and Valleylab LS10 Energy Platform Contains an information disclosure vulnerability.Information may be obtained

Trust: 2.34

sources: NVD: CVE-2019-13535 // JVNDB: JVNDB-2019-011944 // CNVD: CNVD-2019-41422 // IVD: f7086f37-9ada-46a2-b875-77d1429509a7

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: f7086f37-9ada-46a2-b875-77d1429509a7 // CNVD: CNVD-2019-41422

AFFECTED PRODUCTS

vendor:medtronicmodel:valleylab ls10 energy platformscope:lteversion:1.20.2

Trust: 1.8

vendor:medtronicmodel:valleylab ft10 energy platformscope:eqversion:2.0.3

Trust: 1.0

vendor:medtronicmodel:valleylab ft10 energy platformscope:eqversion:2.1.0

Trust: 1.0

vendor:medtronicmodel:valleylab ft10 energy platformscope:lteversion:2.0.3

Trust: 0.8

vendor:medtronicmodel:valleylab ft10 energy platformscope:lteversion:2.1.0

Trust: 0.8

vendor:medtronicmodel:valleylab ft10scope:lteversion:<=2.1.0

Trust: 0.6

vendor:medtronicmodel:valleylab ft10scope:lteversion:<=2.0.3

Trust: 0.6

vendor:medtronicmodel:valleylab ls10 energy platformscope:lteversion:<=1.20.2

Trust: 0.6

vendor:valleylab ft10 energy platformmodel: - scope:eqversion:2.0.3

Trust: 0.2

vendor:valleylab ft10 energy platformmodel: - scope:eqversion:2.1.0

Trust: 0.2

vendor:valleylab ls10 energy platformmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: f7086f37-9ada-46a2-b875-77d1429509a7 // CNVD: CNVD-2019-41422 // JVNDB: JVNDB-2019-011944 // NVD: CVE-2019-13535

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13535
value: MEDIUM

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2019-13535
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-13535
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-41422
value: LOW

Trust: 0.6

CNNVD: CNNVD-201911-410
value: MEDIUM

Trust: 0.6

IVD: f7086f37-9ada-46a2-b875-77d1429509a7
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2019-13535
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-41422
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: f7086f37-9ada-46a2-b875-77d1429509a7
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-13535
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2019-13535
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: f7086f37-9ada-46a2-b875-77d1429509a7 // CNVD: CNVD-2019-41422 // JVNDB: JVNDB-2019-011944 // CNNVD: CNNVD-201911-410 // NVD: CVE-2019-13535 // NVD: CVE-2019-13535

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.0

problemtype:CWE-693

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2019-011944 // NVD: CVE-2019-13535

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201911-410

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-011944

PATCH
title:Top Pageurl:https://www.medtronic.com/us-en/index.html
Trust: 0.8
title:Patch for Medtronic Valleylab FT10 and Valleylab LS10 Energy Platform Information Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/191113
Trust: 0.6
title:Medtronic Valleylab FT10  and Valleylab LS10 Energy Platform Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=102892
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-41422 // 
            
            
            
            JVNDB: JVNDB-2019-011944 // 
            
            
            
            CNNVD: CNNVD-201911-410

EXTERNAL IDS
db:NVDid:CVE-2019-13535
Trust: 3.2
db:ICS CERTid:ICSMA-19-311-01
Trust: 3.0
db:CNVDid:CNVD-2019-41422
Trust: 0.8
db:CNNVDid:CNNVD-201911-410
Trust: 0.8
db:JVNDBid:JVNDB-2019-011944
Trust: 0.8
db:AUSCERTid:ESB-2019.4207
Trust: 0.6
db:IVDid:F7086F37-9ADA-46A2-B875-77D1429509A7
Trust: 0.2
sources:
            
            
            IVD: f7086f37-9ada-46a2-b875-77d1429509a7 // 
            
            
            
            CNVD: CNVD-2019-41422 // 
            
            
            
            JVNDB: JVNDB-2019-011944 // 
            
            
            
            CNNVD: CNNVD-201911-410 // 
            
            
            
            NVD: CVE-2019-13535

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsma-19-311-01
Trust: 3.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-13535
Trust: 1.4
url:https://global.medtronic.com/xg-en/product-security/security-bulletins/valleylab-generator-rfid-vulnerabilities.html
Trust: 1.0
url:https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-311-01
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13535
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2019.4207/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-41422 // 
            
            
            
            JVNDB: JVNDB-2019-011944 // 
            
            
            
            CNNVD: CNNVD-201911-410 // 
            
            
            
            NVD: CVE-2019-13535

SOURCES
db:IVDid:f7086f37-9ada-46a2-b875-77d1429509a7
db:CNVDid:CNVD-2019-41422
db:JVNDBid:JVNDB-2019-011944
db:CNNVDid:CNNVD-201911-410
db:NVDid:CVE-2019-13535

LAST UPDATE DATE
2025-05-23T19:55:52.908000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-41422date:2019-11-20T00:00:00
db:JVNDBid:JVNDB-2019-011944date:2019-11-21T00:00:00
db:CNNVDid:CNNVD-201911-410date:2020-10-10T00:00:00
db:NVDid:CVE-2019-13535date:2025-05-22T19:15:22.880

SOURCES RELEASE DATE
db:IVDid:f7086f37-9ada-46a2-b875-77d1429509a7date:2019-11-20T00:00:00
db:CNVDid:CNVD-2019-41422date:2019-11-20T00:00:00
db:JVNDBid:JVNDB-2019-011944date:2019-11-21T00:00:00
db:CNNVDid:CNNVD-201911-410date:2019-11-07T00:00:00
db:NVDid:CVE-2019-13535date:2019-11-08T20:15:10.633