Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2019-13543
PUBLISHED
More InfoOfficial Page
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
View Known Exploited Vulnerability (KEV) details
Published At-08 Nov, 2019 | 19:03
Updated At-22 May, 2025 | 19:03
Rejected At-
▼CVE Numbering Authority (CNA)
Medtronic Valleylab FT10 and FX8 Use of Hard-coded Credentials

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device.

Affected Products
Vendor
Medtronic
Product
Valleylab Exchange Client
Default Status
unaffected
Versions
Affected
  • From 0 through 3.4 (c)
Vendor
Medtronic
Product
Valleylab FT10 Energy Platform (VLFT10GEN)
Default Status
unaffected
Versions
Affected
  • From 0 through software version 4.0.0 (custom)
Vendor
Medtronic
Product
Valleylab FX8 Energy Platform (VLFX8GEN)
Default Status
unaffected
Versions
Affected
  • From 0 through software version 1.1.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-798CWE-798 Use of Hard-coded Credentials
Type: CWE
CWE ID: CWE-798
Description: CWE-798 Use of Hard-coded Credentials
Metrics
VersionBase scoreBase severityVector
3.15.8MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Version: 3.1
Base score: 5.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Software patches are currently available for the FT10 platform and will be available in early 2020 for the FX8 platform. Until these updates can be applied, Medtronic recommends to either disconnect affected products from IP networks or to segregate those networks, such that the devices are not accessible from an untrusted network (e.g., Internet). Patches can be downloaded at the following location: https://www.medtronic.com/covidien/en-us/support/software.html Medtronic has released additional patient focused information, at the following location: https://www.medtronic.com/security

Configurations
Workarounds
Exploits
Credits
finder
Medtronic reported these vulnerabilities to CISA.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-311-02
N/A
https://global.medtronic.com/xg-en/product-security/security-bulletins/valleylab-generator-rfid-vulnerabilities.html
N/A
Hyperlink: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-311-02
Resource: N/A
Hyperlink: https://global.medtronic.com/xg-en/product-security/security-bulletins/valleylab-generator-rfid-vulnerabilities.html
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.us-cert.gov/ics/advisories/icsma-19-311-02
x_refsource_MISC
x_transferred
Hyperlink: https://www.us-cert.gov/ics/advisories/icsma-19-311-02
Resource:
x_refsource_MISC
x_transferred
Details not found