CVE-2019-13543 - OpenCVE

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Medtronic	Valleylab Exchange Client Valleylab Ft10 Energy Platform Valleylab Ft10 Energy Platform Firmware Valleylab Fx8 Energy Platform Valleylab Fx8 Energy Platform Firmware

Configuration 1 [-]

cpe:2.3:a:medtronic:valleylab_exchange_client:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:medtronic:valleylab_ft10_energy_platform:-:*:*:*:*:*:*:*

cpe:2.3:o:medtronic:valleylab_ft10_energy_platform_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:medtronic:valleylab_fx8_energy_platform:-:*:*:*:*:*:*:*

cpe:2.3:o:medtronic:valleylab_fx8_energy_platform_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.us-cert.gov/ics/advisories/icsma-19-311-02

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2019-11-08T19:03:51

Updated: 2024-08-04T23:57:39.230Z

Reserved: 2019-07-11T00:00:00

Link: CVE-2019-13543

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-11-08T20:15:10.853

Modified: 2019-11-13T21:07:34.660

Link: CVE-2019-13543

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Valleylab Exchange Client", "vendor": "Medtronic", "versions": [{"status": "affected", "version": "version 3.4 and below"}]}, {"product": "Valleylab FT10 Energy Platform (VLFT10GEN)", "vendor": "Medtronic", "versions": [{"status": "affected", "version": "software version 4.0.0 and below"}]}, {"product": "Valleylab FX8 Energy Platform (VLFX8GEN)", "vendor": "Medtronic", "versions": [{"status": "affected", "version": "software version 1.1.0 and below"}]}], "descriptions": [{"lang": "en", "value": "Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "USE OF HARD-CODED CREDENTIALS CWE-798", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-11-08T19:03:51", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-13543", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Valleylab Exchange Client", "version": {"version_data": [{"version_value": "version 3.4 and below"}]}}, {"product_name": "Valleylab FT10 Energy Platform (VLFT10GEN)", "version": {"version_data": [{"version_value": "software version 4.0.0 and below"}]}}, {"product_name": "Valleylab FX8 Energy Platform (VLFX8GEN)", "version": {"version_data": [{"version_value": "software version 1.1.0 and below"}]}}]}, "vendor_name": "Medtronic"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "USE OF HARD-CODED CREDENTIALS CWE-798"}]}]}, "references": {"reference_data": [{"name": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:57:39.230Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-13543", "datePublished": "2019-11-08T19:03:51", "dateReserved": "2019-07-11T00:00:00", "dateUpdated": "2024-08-04T23:57:39.230Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:medtronic:valleylab_exchange_client:*:*:*:*:*:*:*:*", "matchCriteriaId": "B346570A-3BF0-4BD6-912D-1754DFA49264", "versionEndIncluding": "3.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:valleylab_ft10_energy_platform:-:*:*:*:*:*:*:*", "matchCriteriaId": "164230CB-E2BF-447F-8537-C9401FA0CC09", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:valleylab_ft10_energy_platform_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9428AFA2-E198-41FE-A129-DD51D48CFAD3", "versionEndIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:valleylab_fx8_energy_platform:-:*:*:*:*:*:*:*", "matchCriteriaId": "E18B428C-13F4-458C-A0A2-13FA801C9FFC", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:valleylab_fx8_energy_platform_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DEAA803B-F89B-4D2A-820B-9F337778AE70", "versionEndIncluding": "1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device."}, {"lang": "es", "value": "Medtronic Valleylab Exchange Client versi\u00f3n 3.4 y anteriores, Valleylab FT10 Energy Platform (VLFT10GEN) versi\u00f3n de software 4.0.0 y anteriores, y Valleylab FX8 Energy Platform (VLFX8GEN) versi\u00f3n 1.1.0 y anteriores, utilizan m\u00faltiples conjuntos de credenciales embebidas. Si se descubren, se pueden utilizar para leer archivos en el dispositivo."}], "id": "CVE-2019-13543", "lastModified": "2019-11-13T21:07:34.660", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-08T20:15:10.853", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}