Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-13531

Опубликовано: 08 нояб. 2019
Источник: nvd
CVSS3: 4.8
CVSS3: 4.6
CVSS2: 2.1
EPSS Низкий

Описание

In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments can be bypassed, allowing for inauthentic instruments to connect to the generator.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:medtronic:valleylab_ft10_energy_platform_firmware:2.0.3:*:*:*:*:*:*:*
cpe:2.3:o:medtronic:valleylab_ft10_energy_platform_firmware:2.1.0:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:valleylab_ft10_energy_platform:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:medtronic:valleylab_ls10_energy_platform_firmware:*:*:*:*:*:*:*:*
Версия до 1.20.2 (включая)
cpe:2.3:h:medtronic:valleylab_ls10_energy_platform:-:*:*:*:*:*:*:*

EPSS

Процентиль: 33%
0.00134
Низкий

4.8 Medium

CVSS3

4.6 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-287
NVD-CWE-noinfo

Связанные уязвимости

github логотип

GHSA-jp54-39p3-825v

CVSS3: 4.6
github
больше 3 лет назад

In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN?not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments can be bypassed, allowing for inauthentic instruments to connect to the generator.

EPSS

Процентиль: 33%
0.00134
Низкий

4.8 Medium

CVSS3

4.6 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-287
NVD-CWE-noinfo