CVE-2019-13531

Summary

In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments can be bypassed, allowing for inauthentic instruments to connect to the generator.

Affected Software

VendorProductVersion RangeStatus
MedtronicValleylab FT10 Energy Platform (VLFT10GEN)0 <= 2.1.0affected
MedtronicValleylab FT10 Energy Platform (VLFT10GEN)0 <= 2.0.3affected
MedtronicValleylab LS10 Energy Platform (VLLS10GEN—not available in the United States)0 <= 1.20.2affected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

References