PT-2019-13395 · Medtronic · Medtronic Valleylab Ft10 Energy Platform
Published
2019-11-08
·
Updated
2020-10-09
·
CVE-2019-13531
CVSS v3.1
4.8
Medium
| Vector | AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
Medtronic Valleylab FT10 Energy Platform versions 2.1.0 and lower
Medtronic Valleylab FT10 Energy Platform version 2.0.3 and lower
Medtronic Valleylab LS10 Energy Platform versions 1.20.2 and lower
Description
The issue concerns the RFID security mechanism used for authentication between the energy platform and instruments. This mechanism can be bypassed, allowing inauthentic instruments to connect to the generator.
Recommendations
For Medtronic Valleylab FT10 Energy Platform versions 2.1.0 and lower, update to a version higher than 2.1.0 to resolve the issue.
For Medtronic Valleylab FT10 Energy Platform version 2.0.3 and lower, update to a version higher than 2.0.3 to resolve the issue.
For Medtronic Valleylab LS10 Energy Platform versions 1.20.2 and lower, update to a version higher than 1.20.2 to resolve the issue.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Medtronic Valleylab Ft10 Energy Platform