Vulnerability Description
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Medtronic | Valleylab Exchange Client | <= 3.4 |
| Medtronic | Valleylab Ft10 Energy Platform Firmware | <= 4.0.0 |
| Medtronic | Valleylab Ft10 Energy Platform | - |
| Medtronic | Valleylab Fx8 Energy Platform Firmware | <= 1.1.0 |
| Medtronic | Valleylab Fx8 Energy Platform | - |
Related Weaknesses (CWE)
References
- https://global.medtronic.com/xg-en/product-security/security-bulletins/valleylab
- https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-311-02
- https://www.us-cert.gov/ics/advisories/icsma-19-311-02Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2019-13539?
CVE-2019-13539 is a vulnerability with a CVSS score of 7.0 (HIGH). Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1....
How severe is CVE-2019-13539?
CVE-2019-13539 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-13539?
Check the references section above for vendor advisories and patch information. Affected products include: Medtronic Valleylab Exchange Client, Medtronic Valleylab Ft10 Energy Platform Firmware, Medtronic Valleylab Ft10 Energy Platform, Medtronic Valleylab Fx8 Energy Platform Firmware, Medtronic Valleylab Fx8 Energy Platform.