CVE-2019-13535

MEDIUM

Medtronic Valleylab FT10/LS10 <2.1.0/<1.20.2 - Info Disclosure

Title source: llm

Description

In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read access of the RFID security mechanism data.

References (3)

Core 3

Core References

Third Party Advisory, US Government Resource

https://www.us-cert.gov/ics/advisories/icsma-19-311-01

Various Sources

https://global.medtronic.com/xg-en/product-security/security-bulletins/valleylab-generator-rfid-vulnerabilities.html

Third Party Advisory, US Government Resource

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-311-01

Scores

CVSS v3 4.6

EPSS 0.0045

EPSS Percentile 63.6%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-732 CWE-693

Status published

Products (3)

medtronic/valleylab_ft10_energy_platform_firmware 2.0.3

medtronic/valleylab_ft10_energy_platform_firmware 2.1.0

medtronic/valleylab_ls10_energy_platform_firmware < 1.20.2

Published Nov 08, 2019

Tracked Since Feb 18, 2026