Filtered by vendor Medtronic Subscriptions
Filtered by product Valleylab Ft10 Energy Platform Firmware Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-13543 1 Medtronic 5 Valleylab Exchange Client, Valleylab Ft10 Energy Platform, Valleylab Ft10 Energy Platform Firmware and 2 more 2024-11-21 7.5 High
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device.
CVE-2019-13539 1 Medtronic 5 Valleylab Exchange Client, Valleylab Ft10 Energy Platform, Valleylab Ft10 Energy Platform Firmware and 2 more 2024-11-21 7.8 High
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes.
CVE-2019-13535 1 Medtronic 4 Valleylab Ft10 Energy Platform, Valleylab Ft10 Energy Platform Firmware, Valleylab Ls10 Energy Platform and 1 more 2024-11-21 4.6 Medium
In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read access of the RFID security mechanism data.
CVE-2019-13531 1 Medtronic 4 Valleylab Ft10 Energy Platform, Valleylab Ft10 Energy Platform Firmware, Valleylab Ls10 Energy Platform and 1 more 2024-11-21 4.6 Medium
In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments can be bypassed, allowing for inauthentic instruments to connect to the generator.