cnvd - cnvd-2019-41424

CNVD-2019-41424

Vulnerability from cnvd - Published: 2019-11-20

Title

Valleylab FT10和Valleylab FX8输入验证错误漏洞

Description

Medtronic Valleylab FT10和Valleylab FX8都是美国美敦力（Medtronic）公司的一款用于医疗行业的电源设备。 Valleylab FT10和Valleylab FX8存在输入验证错误漏洞，攻击者可利用该漏洞获取本地Shell访问。

Severity

高

Patch Name

Valleylab FT10和Valleylab FX8输入验证错误漏洞的补丁

Patch Description

Medtronic Valleylab FT10和Valleylab FX8都是美国美敦力（Medtronic）公司的一款用于医疗行业的电源设备。 Valleylab FT10和Valleylab FX8存在输入验证错误漏洞，攻击者可利用该漏洞获取本地Shell访问。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.medtronic.com

Reference

https://www.us-cert.gov/ics/advisories/icsma-19-311-02

Impacted products

Name
['Medtronic Valleylab FT10 (VLFT10GEN) <=4.0.0', 'Medtronic Valleylab FX8（VLFX8GEN） <=1.1.0', 'Medtronic Valleylab Exchange <=3.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-13539"
    }
  },
  "description": "Medtronic Valleylab FT10\u548cValleylab FX8\u90fd\u662f\u7f8e\u56fd\u7f8e\u6566\u529b\uff08Medtronic\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u533b\u7597\u884c\u4e1a\u7684\u7535\u6e90\u8bbe\u5907\u3002\n\nValleylab FT10\u548cValleylab FX8\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u672c\u5730Shell\u8bbf\u95ee\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.medtronic.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-41424",
  "openTime": "2019-11-20",
  "patchDescription": "Medtronic Valleylab FT10\u548cValleylab FX8\u90fd\u662f\u7f8e\u56fd\u7f8e\u6566\u529b\uff08Medtronic\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u533b\u7597\u884c\u4e1a\u7684\u7535\u6e90\u8bbe\u5907\u3002\r\n\r\nValleylab FT10\u548cValleylab FX8\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u672c\u5730Shell\u8bbf\u95ee\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Valleylab FT10\u548cValleylab FX8\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Medtronic Valleylab FT10 (VLFT10GEN) \u003c=4.0.0",
      "Medtronic Valleylab FX8\uff08VLFX8GEN\uff09 \u003c=1.1.0",
      "Medtronic Valleylab Exchange \u003c=3.4"
    ]
  },
  "referenceLink": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02",
  "serverity": "\u9ad8",
  "submitTime": "2019-11-11",
  "title": "Valleylab FT10\u548cValleylab FX8\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2019-13539 (GCVE-0-2019-13539)

Vulnerability from cvelistv5 – Published: 2019-11-08 19:07 – Updated: 2025-05-22 19:06

Summary

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes.

Severity ?

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-328

Assigner

icscert

References

URL

Tags

	https://www.cisa.gov/news-events/ics-medical-advi…
	https://global.medtronic.com/xg-en/product-securi…

Impacted products

Vendor

Product

Version

Medtronic

Valleylab Exchange Client

Affected: 0 , ≤ 3.4 (c)

	Medtronic	Valleylab FT10 Energy Platform (VLFT10GEN)	Affected: 0 , ≤ software version 4.0.0 (custom)
	Medtronic	Valleylab FX8 Energy Platform (VLFX8GEN)	Affected: 0 , ≤ software version 1.1.0 (custom)

Credits

Medtronic reported these vulnerabilities to CISA.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:57:39.467Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Valleylab Exchange Client",
          "vendor": "Medtronic",
          "versions": [
            {
              "lessThanOrEqual": "3.4",
              "status": "affected",
              "version": "0",
              "versionType": "c"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Valleylab FT10 Energy Platform (VLFT10GEN)",
          "vendor": "Medtronic",
          "versions": [
            {
              "lessThanOrEqual": "software version 4.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Valleylab FX8 Energy Platform (VLFX8GEN)",
          "vendor": "Medtronic",
          "versions": [
            {
              "lessThanOrEqual": "software version 1.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Medtronic reported these vulnerabilities to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\nMedtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes.\n\n\u003c/p\u003e"
            }
          ],
          "value": "Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-328",
              "description": "CWE-328",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-22T19:06:39.644Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-311-02"
        },
        {
          "url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/valleylab-generator-rfid-vulnerabilities.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSoftware patches are currently available for the FT10 platform and will be available in early 2020 for the FX8 platform. Until these updates can be applied, Medtronic recommends to either disconnect affected products from IP networks or to segregate those networks, such that the devices are not accessible from an untrusted network (e.g., Internet). Patches can be downloaded at the following location:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/covidien/en-us/support/software.html\"\u003ehttps://www.medtronic.com/covidien/en-us/support/software.html\u003c/a\u003e\u003c/p\u003e\u003cp\u003eMedtronic has released additional patient focused information, at the following location:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/security\"\u003ehttps://www.medtronic.com/security\u003c/a\u003e\u003c/p\u003e"
            }
          ],
          "value": "Software patches are currently available for the FT10 platform and will be available in early 2020 for the FX8 platform. Until these updates can be applied, Medtronic recommends to either disconnect affected products from IP networks or to segregate those networks, such that the devices are not accessible from an untrusted network (e.g., Internet). Patches can be downloaded at the following location:\n\n https://www.medtronic.com/covidien/en-us/support/software.html \n\nMedtronic has released additional patient focused information, at the following location:\n\n https://www.medtronic.com/security"
        }
      ],
      "source": {
        "advisory": "ICSMA-19-311-02",
        "discovery": "INTERNAL"
      },
      "title": "Medtronic Valleylab FT10 and FX8 Reversible One-way Hash",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2019-13543",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Valleylab Exchange Client",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "version 3.4 and below"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Valleylab FT10 Energy Platform (VLFT10GEN)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "software version 4.0.0 and below"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Valleylab FX8 Energy Platform (VLFX8GEN)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "software version 1.1.0 and below"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Medtronic"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "USE OF HARD-CODED CREDENTIALS CWE-798"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-13539",
    "datePublished": "2019-11-08T19:07:59",
    "dateReserved": "2019-07-11T00:00:00",
    "dateUpdated": "2025-05-22T19:06:39.644Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-41424

CVE-2019-13539 (GCVE-0-2019-13539)

Tags

Sightings

Nomenclature