Vulnerability Description
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Medtronic | Valleylab Exchange Client | <= 3.4 |
| Medtronic | Valleylab Ft10 Energy Platform Firmware | <= 4.0.0 |
| Medtronic | Valleylab Ft10 Energy Platform | - |
| Medtronic | Valleylab Fx8 Energy Platform Firmware | <= 1.1.0 |
| Medtronic | Valleylab Fx8 Energy Platform | - |
Related Weaknesses (CWE)
References
- https://global.medtronic.com/xg-en/product-security/security-bulletins/valleylab
- https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-311-02
- https://www.us-cert.gov/ics/advisories/icsma-19-311-02Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2019-13543?
CVE-2019-13543 is a vulnerability with a CVSS score of 5.8 (MEDIUM). Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1....
How severe is CVE-2019-13543?
CVE-2019-13543 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-13543?
Check the references section above for vendor advisories and patch information. Affected products include: Medtronic Valleylab Exchange Client, Medtronic Valleylab Ft10 Energy Platform Firmware, Medtronic Valleylab Ft10 Energy Platform, Medtronic Valleylab Fx8 Energy Platform Firmware, Medtronic Valleylab Fx8 Energy Platform.