5 matches found
Code injection
In Medtronic Valleylab FT10 Energy Platform VLFT10GEN version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform VLLS10GEN—not available in the United States version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read...
CVE-2019-13531
CVE-2019-13531 affects Medtronic Valleylab FT10/LS10 energy platforms. Vulnerable components: RFID authentication between FT10/LS10 and instruments. Root cause: RFID security mechanism can be bypassed, enabling inauthentic instruments to connect to the generator. Affected versions: VLFT10GEN 2.1....
CVE-2019-13535
CVE-2019-13535 affects Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) up to v2.1.0 and lower, and v2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN, not US) up to v1.20.2 and lower. The vulnerability is a Protection Mechanism Failure where the RFID security mechanism does not ...
CVE-2019-13539
CVE-2019-13539 affects Medtronic Valleylab FT10 and FX8 platforms (Exchange Client v3.4 and below; FT10 v4.0.0 and below; FX8 v1.1.0 and below) due to the use of the descrypt OS password hashing (CWE-328). The issue enables an attacker who can access the device to obtain local shell access and re...
CVE-2019-13539 Medtronic Valleylab FT10 and FX8 Reversible One-way Hash
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform VLFT10GEN software version 4.0.0 and below, and Valleylab FX8 Energy Platform VLFX8GEN software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based...