EUVD-2019-4990

Malware in sbrugna...

CVE-2019-13531

In Medtronic Valleylab FT10 Energy Platform VLFT10GEN version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform VLLS10GEN—not available in the United States version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy...

Valleylab FT10 and Valleylab FX8 Trust Management Issues Vulnerability

The Medtronic Valleylab FT10 and Valleylab FX8 are both power supply devices for the medical industry from Medtronic. The Valleylab FT10 and Valleylab FX8 have a trust management issue vulnerability that can be exploited by an attacker to read files on the devices...

Medtronic Valleylab FT10 and Valleylab LS10 Energy Platform License Issue Vulnerability

The Medtronic Valleylab FT10 and Valleylab LS10 Energy Platform are both Medtronic power devices for the medical industry. An authorization issue vulnerability exists in Medtronic Valleylab FT10 VLFT10GEN versions 2.1.0 and earlier, 2.0.3 and earlier, and Valleylab LS10 Energy Platform VLLS10GEN...

Medtronic Valleylab FT10 and Valleylab LS10 Energy Platform Information Disclosure Vulnerability

The Medtronic Valleylab FT10 and Valleylab LS10 Energy Platform are both Medtronic power devices for the medical industry. The information disclosure vulnerability in Medtronic Valleylab FT10 VLFT10GEN version 2.1.0 and earlier, version 2.0.3 and earlier, and Valleylab LS10 Energy Platform...

CVE-2019-13543

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform VLFT10GEN software version 4.0.0 and below, and Valleylab FX8 Energy Platform VLFX8GEN software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read...

CVE-2019-13531

In Medtronic Valleylab FT10 Energy Platform VLFT10GEN version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform VLLS10GEN—not available in the United States version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy...

CVE-2019-13535

In Medtronic Valleylab FT10 Energy Platform VLFT10GEN version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform VLLS10GEN—not available in the United States version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read...

Authentication flaw

In Medtronic Valleylab FT10 Energy Platform VLFT10GEN version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform VLLS10GEN—not available in the United States version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy...

CVE-2019-13539

CVE-2019-13539 affects Medtronic Valleylab FT10 and FX8 platforms (Exchange Client v3.4 and below; FT10 v4.0.0 and below; FX8 v1.1.0 and below) due to the use of the descrypt OS password hashing (CWE-328). The issue enables an attacker who can access the device to obtain local shell access and re...

Medtronic Valleylab FT10 and LS10

1. EXECUTIVE SUMMARY CVSS v3 4.8 ATTENTION: Low skill level to exploit Vendor: Medtronic Equipment: Valleylab FT10, Valleylab LS10 Vulnerabilities: Improper Authentication, Protection Mechanism Failure 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow an attacker to...