PT-2019-13395 · Medtronic · Medtronic Valleylab Ft10 Energy Platform
Publicado
2019-11-08
·
Atualizado
2020-10-09
·
CVE-2019-13531
CVSS v3.1
4.8
Média
| Vetor | AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
Medtronic Valleylab FT10 Energy Platform versions 2.1.0 and lower
Medtronic Valleylab FT10 Energy Platform version 2.0.3 and lower
Medtronic Valleylab LS10 Energy Platform versions 1.20.2 and lower
Description
The issue concerns the RFID security mechanism used for authentication between the energy platform and instruments. This mechanism can be bypassed, allowing inauthentic instruments to connect to the generator.
Recommendations
For Medtronic Valleylab FT10 Energy Platform versions 2.1.0 and lower, update to a version higher than 2.1.0 to resolve the issue.
For Medtronic Valleylab FT10 Energy Platform version 2.0.3 and lower, update to a version higher than 2.0.3 to resolve the issue.
For Medtronic Valleylab LS10 Energy Platform versions 1.20.2 and lower, update to a version higher than 1.20.2 to resolve the issue.
Correção
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Medtronic Valleylab Ft10 Energy Platform