ICSMA-19-311-01 · Published 2019-11-07 · View on CISA ICS-CERT ↗

Medtronic Valleylab FT10 and LS10

CVSS 4.8 MEDIUM

Risk Summary

Successful exploitation of these vulnerabilities may allow an attacker to connect inauthentic instruments to the affected products by spoofing RFID security mechanisms. This may lead to a loss of performance integrity and platform availability due to incorrect identification of instrument and associated parameters.

CVEs (2)

CVE-2019-13531 CVE-2019-13535

Remediations

A software patch is available now for the affected Valleylab platforms. If you suspect you are in possession of an instrument that is not FDA approved or cleared to be used with Medtronic Valleylab FT10 or LS10, please contact Medtronic or your medical device supplier. If you have concerns about FDA clearance or approval of current or future instruments, please contact your medical device supplier. Please contact Medtronic to obtain the software patch.
Medtronic has released additional patient focused information at the following location:
https://www.medtronic.com/security

Affected Vendors

Medtronic

Affected Products (3)

Medtronic · Valleylab LS10 Energy Platform (VLLS10GEN) <= 1.20.2

Medtronic · Valleylab FT10 Energy Platform (VLFT10GEN) <= 2.1.0

Medtronic · Valleylab FT10 Energy Platform (VLFT10GEN) <= 2.0.3

Affected Sectors

Healthcare and Public Health

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more