CVE-2019-13531 Vulnerability Details

  /     /     /  

CVE-2019-13531 Metadata Quick Info

CVE Published: 08/11/2019 | CVE Updated: 04/08/2024 | CVE Year: 2019
Source: icscert | Vendor: Medtronic | Product: Valleylab FT10 Energy Platform (VLFT10GEN)
Status : PUBLISHED

CVE-2019-13531 Description

In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments can be bypassed, allowing for inauthentic instruments to connect to the generator.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-287
CWE Name: IMPROPER AUTHENTICATION CWE-287
Source: Medtronic

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: