ID
VAR-201911-1206
CVE
CVE-2019-13543
TITLE
plural Medtronic Valleylab Vulnerabilities related to the use of hard-coded credentials in products
Trust: 0.8
sources:
JVNDB: JVNDB-2019-011837
DESCRIPTION
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device. Medtronic Valleylab FT10 and Valleylab FX8 are both a power supply device for the medical industry from Medtronic
Trust: 2.34
sources:
NVD: CVE-2019-13543 //
JVNDB: JVNDB-2019-011837 //
CNVD: CNVD-2019-41423 //
IVD: 5265ee01-224f-4b99-aae3-e9fa05d91a57
IOT TAXONOMY
| category: | ['ICS', 'Network device'] | sub_category: | - | Trust: 0.6 |
| category: | ['ICS'] | sub_category: | - | Trust: 0.2 |
sources:
IVD: 5265ee01-224f-4b99-aae3-e9fa05d91a57 //
CNVD: CNVD-2019-41423
AFFECTED PRODUCTS
| vendor: | medtronic | model: | valleylab exchange client | scope: | lte | version: | 3.4 | Trust: 1.8 |
| vendor: | medtronic | model: | valleylab ft10 energy platform | scope: | lte | version: | 4.0.0 | Trust: 1.8 |
| vendor: | medtronic | model: | valleylab fx8 energy platform | scope: | lte | version: | 1.1.0 | Trust: 1.8 |
| vendor: | medtronic | model: | valleylab exchange | scope: | lte | version: | <=3.4 | Trust: 0.6 |
| vendor: | medtronic | model: | valleylab ft10 | scope: | lte | version: | <=4.0.0 | Trust: 0.6 |
| vendor: | medtronic | model: | valleylab fx8 | scope: | lte | version: | <=1.1.0 | Trust: 0.6 |
| vendor: | valleylab exchange client | model: | - | scope: | eq | version: | * | Trust: 0.2 |
| vendor: | valleylab ft10 energy platform | model: | - | scope: | eq | version: | * | Trust: 0.2 |
| vendor: | valleylab fx8 energy platform | model: | - | scope: | eq | version: | * | Trust: 0.2 |
sources:
IVD: 5265ee01-224f-4b99-aae3-e9fa05d91a57 //
CNVD: CNVD-2019-41423 //
JVNDB: JVNDB-2019-011837 //
NVD: CVE-2019-13543
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
IVD: 5265ee01-224f-4b99-aae3-e9fa05d91a57 //
CNVD: CNVD-2019-41423 //
JVNDB: JVNDB-2019-011837 //
CNNVD: CNNVD-201911-441 //
NVD: CVE-2019-13543 //
NVD: CVE-2019-13543
PROBLEMTYPE DATA
| problemtype: | CWE-798 | Trust: 1.8 |
sources:
JVNDB: JVNDB-2019-011837 //
NVD: CVE-2019-13543
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201911-441
TYPE
trust management problem
Trust: 0.6
sources:
CNNVD: CNNVD-201911-441
CONFIGURATIONS
sources:
JVNDB: JVNDB-2019-011837
PATCH
| title: | Top Page | url: | https://www.medtronic.com/us-en/index.html | Trust: 0.8 |
| title: | Patch for Valleylab FT10 and Valleylab FX8 Trust Management Issue Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/191115 | Trust: 0.6 |
| title: | Medtronic Valleylab FT10 Repair measures for trust management problem vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105729 | Trust: 0.6 |
sources:
CNVD: CNVD-2019-41423 //
JVNDB: JVNDB-2019-011837 //
CNNVD: CNNVD-201911-441
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-13543 | Trust: 3.2 |
| db: | ICS CERT | id: | ICSMA-19-311-02 | Trust: 3.0 |
| db: | CNVD | id: | CNVD-2019-41423 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201911-441 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2019-011837 | Trust: 0.8 |
| db: | AUSCERT | id: | ESB-2019.4211 | Trust: 0.6 |
| db: | IVD | id: | 5265EE01-224F-4B99-AAE3-E9FA05D91A57 | Trust: 0.2 |
sources:
IVD: 5265ee01-224f-4b99-aae3-e9fa05d91a57 //
CNVD: CNVD-2019-41423 //
JVNDB: JVNDB-2019-011837 //
CNNVD: CNNVD-201911-441 //
NVD: CVE-2019-13543
REFERENCES
| url: | https://www.us-cert.gov/ics/advisories/icsma-19-311-02 | Trust: 3.0 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-13543 | Trust: 1.4 |
| url: | https://global.medtronic.com/xg-en/product-security/security-bulletins/valleylab-generator-rfid-vulnerabilities.html | Trust: 1.0 |
| url: | https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-311-02 | Trust: 1.0 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13543 | Trust: 0.8 |
| url: | https://www.auscert.org.au/bulletins/esb-2019.4211/ | Trust: 0.6 |
sources:
CNVD: CNVD-2019-41423 //
JVNDB: JVNDB-2019-011837 //
CNNVD: CNNVD-201911-441 //
NVD: CVE-2019-13543
SOURCES
| db: | IVD | id: | 5265ee01-224f-4b99-aae3-e9fa05d91a57 |
| db: | CNVD | id: | CNVD-2019-41423 |
| db: | JVNDB | id: | JVNDB-2019-011837 |
| db: | CNNVD | id: | CNNVD-201911-441 |
| db: | NVD | id: | CVE-2019-13543 |
LAST UPDATE DATE
2025-05-23T23:05:13.321000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2019-41423 | date: | 2019-11-20T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-011837 | date: | 2019-11-19T00:00:00 |
| db: | CNNVD | id: | CNNVD-201911-441 | date: | 2020-07-10T00:00:00 |
| db: | NVD | id: | CVE-2019-13543 | date: | 2025-05-22T19:15:23.257 |
SOURCES RELEASE DATE
| db: | IVD | id: | 5265ee01-224f-4b99-aae3-e9fa05d91a57 | date: | 2019-11-20T00:00:00 |
| db: | CNVD | id: | CNVD-2019-41423 | date: | 2019-11-20T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-011837 | date: | 2019-11-19T00:00:00 |
| db: | CNNVD | id: | CNNVD-201911-441 | date: | 2019-11-07T00:00:00 |
| db: | NVD | id: | CVE-2019-13543 | date: | 2019-11-08T20:15:10.853 |