Lucene search

[email protected]NVD:CVE-2019-13531

HistoryNov 08, 2019 - 8:15 p.m.

CVE-2019-13531

2019-11-0820:15:10

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

22.9%

JSON

In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments can be bypassed, allowing for inauthentic instruments to connect to the generator.

Affected configurations

Nvd

Node

medtronicvalleylab_ft10_energy_platform_firmwareMatch2.0.3

medtronicvalleylab_ft10_energy_platform_firmwareMatch2.1.0

AND

medtronicvalleylab_ft10_energy_platformMatch-

Node

medtronicvalleylab_ls10_energy_platform_firmwareRange≤1.20.2

AND

medtronicvalleylab_ls10_energy_platformMatch-

VendorProductVersionCPE
medtronicvalleylab_ft10_energy_platform_firmware2.0.3cpe:2.3:o:medtronic:valleylab_ft10_energy_platform_firmware:2.0.3:*:*:*:*:*:*:*
medtronicvalleylab_ft10_energy_platform_firmware2.1.0cpe:2.3:o:medtronic:valleylab_ft10_energy_platform_firmware:2.1.0:*:*:*:*:*:*:*
medtronicvalleylab_ft10_energy_platform-cpe:2.3:h:medtronic:valleylab_ft10_energy_platform:-:*:*:*:*:*:*:*
medtronicvalleylab_ls10_energy_platform_firmware*cpe:2.3:o:medtronic:valleylab_ls10_energy_platform_firmware:*:*:*:*:*:*:*:*
medtronicvalleylab_ls10_energy_platform-cpe:2.3:h:medtronic:valleylab_ls10_energy_platform:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
medtronic	valleylab_ft10_energy_platform_firmware	2.0.3	cpe:2.3:o:medtronic:valleylab_ft10_energy_platform_firmware:2.0.3:::::::*
medtronic	valleylab_ft10_energy_platform_firmware	2.1.0	cpe:2.3:o:medtronic:valleylab_ft10_energy_platform_firmware:2.1.0:::::::*
medtronic	valleylab_ft10_energy_platform	-	cpe:2.3:h:medtronic:valleylab_ft10_energy_platform:-:::::::*
medtronic	valleylab_ls10_energy_platform_firmware	*	cpe:2.3:o:medtronic:valleylab_ls10_energy_platform_firmware::::::::
medtronic	valleylab_ls10_energy_platform	-	cpe:2.3:h:medtronic:valleylab_ls10_energy_platform:-:::::::*

References

www.us-cert.gov/ics/advisories/icsma-19-311-01

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

22.9%

JSON

Related for NVD:CVE-2019-13531

prion1 cvelist1 cve1 ics1