CVE-2019-13535

{"id": "CVE-2019-13535", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2019-11-08T20:15:10.633", "references": [{"url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-693"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN\u2014not available in the United States) version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read access of the RFID security mechanism data."}, {"lang": "es", "value": "En Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) versi\u00f3n 2.1.0 y versiones inferiores y versi\u00f3n 2.0.3 y versiones inferiores, y Valleylab LS10 Energy Platform (VLLS10GEN \u2014no disponible en los Estados Unidos) versi\u00f3n 1.20.2 y versiones inferiores, el mecanismo de seguridad RFID s\u00ed no aplica protecci\u00f3n de lectura, lo que permite el acceso de lectura total de los datos del mecanismo de seguridad RFID"}], "lastModified": "2024-11-21T04:25:05.847", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:valleylab_ft10_energy_platform_firmware:2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89DAFB01-536A-4966-8EAC-5D6CED32CC63"}, {"criteria": "cpe:2.3:o:medtronic:valleylab_ft10_energy_platform_firmware:2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31DF6D35-968D-4E8D-A8F5-578B4B9C2BE9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:valleylab_ft10_energy_platform:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "164230CB-E2BF-447F-8537-C9401FA0CC09"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:valleylab_ls10_energy_platform_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEAE74E9-49AC-4B77-8831-11EA09B204CB", "versionEndIncluding": "1.20.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:valleylab_ls10_energy_platform:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "82294F1E-0BD0-4F55-A732-09B68AA37624"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}