EUVD-2019-4990

Malware in sbrugna...

EUVD-2019-4998

Malware in sbrugna...

CVE-2019-13535

In Medtronic Valleylab FT10 Energy Platform VLFT10GEN version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform VLLS10GEN—not available in the United States version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read...

Medtronic Valleylab FT10 and Valleylab LS10 Energy Platform License Issue Vulnerability

The Medtronic Valleylab FT10 and Valleylab LS10 Energy Platform are both Medtronic power devices for the medical industry. An authorization issue vulnerability exists in Medtronic Valleylab FT10 VLFT10GEN versions 2.1.0 and earlier, 2.0.3 and earlier, and Valleylab LS10 Energy Platform VLLS10GEN...

CVE-2019-13543

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform VLFT10GEN software version 4.0.0 and below, and Valleylab FX8 Energy Platform VLFX8GEN software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read...

CVE-2019-13535

In Medtronic Valleylab FT10 Energy Platform VLFT10GEN version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform VLLS10GEN—not available in the United States version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read...

CVE-2019-13531

In Medtronic Valleylab FT10 Energy Platform VLFT10GEN version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform VLLS10GEN—not available in the United States version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy...

Design/Logic Flaw

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform VLFT10GEN software version 4.0.0 and below, and Valleylab FX8 Energy Platform VLFX8GEN software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based...

Code injection

In Medtronic Valleylab FT10 Energy Platform VLFT10GEN version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform VLLS10GEN—not available in the United States version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read...

CVE-2019-13531 Medtronic Valleylab FT10 and LS10 Improper Authentication

In Medtronic Valleylab FT10 Energy Platform VLFT10GEN version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform VLLS10GEN—not available in the United States version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy...

CVE-2019-13531

CVE-2019-13531 affects Medtronic Valleylab FT10/LS10 energy platforms. Vulnerable components: RFID authentication between FT10/LS10 and instruments. Root cause: RFID security mechanism can be bypassed, enabling inauthentic instruments to connect to the generator. Affected versions: VLFT10GEN 2.1....

CVE-2019-13535

CVE-2019-13535 affects Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) up to v2.1.0 and lower, and v2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN, not US) up to v1.20.2 and lower. The vulnerability is a Protection Mechanism Failure where the RFID security mechanism does not ...

CVE-2019-13535 Medtronic Valleylab FT10 and LS10 Protection Mechanism Failure

In Medtronic Valleylab FT10 Energy Platform VLFT10GEN version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform VLLS10GEN—not available in the United States version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read...

CVE-2019-13539

CVE-2019-13539 affects Medtronic Valleylab FT10 and FX8 platforms (Exchange Client v3.4 and below; FT10 v4.0.0 and below; FX8 v1.1.0 and below) due to the use of the descrypt OS password hashing (CWE-328). The issue enables an attacker who can access the device to obtain local shell access and re...

CVE-2019-13539 Medtronic Valleylab FT10 and FX8 Reversible One-way Hash

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform VLFT10GEN software version 4.0.0 and below, and Valleylab FX8 Energy Platform VLFX8GEN software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based...

CVE-2019-13543 Medtronic Valleylab FT10 and FX8 Use of Hard-coded Credentials

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform VLFT10GEN software version 4.0.0 and below, and Valleylab FX8 Energy Platform VLFX8GEN software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read...