Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device.
Fixes

Solution

Software patches are currently available for the FT10 platform and will be available in early 2020 for the FX8 platform. Until these updates can be applied, Medtronic recommends to either disconnect affected products from IP networks or to segregate those networks, such that the devices are not accessible from an untrusted network (e.g., Internet). Patches can be downloaded at the following location: https://www.medtronic.com/covidien/en-us/support/software.html Medtronic has released additional patient focused information, at the following location: https://www.medtronic.com/security


Workaround

No workaround given by the vendor.

History

Thu, 22 May 2025 19:15:00 +0000

Type Values Removed Values Added
Title Medtronic Valleylab FT10 and FX8 Use of Hard-coded Credentials
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

cvssV3_1

{'score': 5.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2025-05-22T19:03:49.976Z

Reserved: 2019-07-11T00:00:00

Link: CVE-2019-13543

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-11-08T20:15:10.853

Modified: 2025-05-22T19:15:23.257

Link: CVE-2019-13543

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.