Lucene search

[email protected]NVD:CVE-2019-13535

HistoryNov 08, 2019 - 8:15 p.m.

CVE-2019-13535

2019-11-0820:15:10

CWE-732

CWE-693

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

29.5%

JSON

In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read access of the RFID security mechanism data.

Affected configurations

Nvd

Node

medtronicvalleylab_ft10_energy_platform_firmwareMatch2.0.3

medtronicvalleylab_ft10_energy_platform_firmwareMatch2.1.0

AND

medtronicvalleylab_ft10_energy_platformMatch-

Node

medtronicvalleylab_ls10_energy_platform_firmwareRange≤1.20.2

AND

medtronicvalleylab_ls10_energy_platformMatch-

VendorProductVersionCPE
medtronicvalleylab_ft10_energy_platform_firmware2.0.3cpe:2.3:o:medtronic:valleylab_ft10_energy_platform_firmware:2.0.3:*:*:*:*:*:*:*
medtronicvalleylab_ft10_energy_platform_firmware2.1.0cpe:2.3:o:medtronic:valleylab_ft10_energy_platform_firmware:2.1.0:*:*:*:*:*:*:*
medtronicvalleylab_ft10_energy_platform-cpe:2.3:h:medtronic:valleylab_ft10_energy_platform:-:*:*:*:*:*:*:*
medtronicvalleylab_ls10_energy_platform_firmware*cpe:2.3:o:medtronic:valleylab_ls10_energy_platform_firmware:*:*:*:*:*:*:*:*
medtronicvalleylab_ls10_energy_platform-cpe:2.3:h:medtronic:valleylab_ls10_energy_platform:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
medtronic	valleylab_ft10_energy_platform_firmware	2.0.3	cpe:2.3:o:medtronic:valleylab_ft10_energy_platform_firmware:2.0.3:::::::*
medtronic	valleylab_ft10_energy_platform_firmware	2.1.0	cpe:2.3:o:medtronic:valleylab_ft10_energy_platform_firmware:2.1.0:::::::*
medtronic	valleylab_ft10_energy_platform	-	cpe:2.3:h:medtronic:valleylab_ft10_energy_platform:-:::::::*
medtronic	valleylab_ls10_energy_platform_firmware	*	cpe:2.3:o:medtronic:valleylab_ls10_energy_platform_firmware::::::::
medtronic	valleylab_ls10_energy_platform	-	cpe:2.3:h:medtronic:valleylab_ls10_energy_platform:-:::::::*

References

www.us-cert.gov/ics/advisories/icsma-19-311-01

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

29.5%

JSON

Related for NVD:CVE-2019-13535

cvelist1 prion1 cve1 ics1