{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T10:19:13.635","vulnerabilities":[{"cve":{"id":"CVE-2019-13539","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2019-11-08T20:15:10.743","lastModified":"2025-05-22T19:15:23.083","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes."},{"lang":"es","value":"Medtronic Valleylab Exchange Client versión 3.4 y anteriores, Valleylab FT10 Energy Platform (VLFT10GEN) versión de software 4.0.0 y anteriores, y Valleylab FX8 Energy Platform (VLFX8GEN) versión 1.1.0 y anteriores, utilizan el algoritmo de descifrado para el hash de contraseña del sistema operativo. Si bien los inicios de sesión interactivos basados ??en la red están deshabilitados, y los atacantes pueden usar las otras vulnerabilidades dentro de este reporte para obtener acceso de shell local y acceder a estos hashes."}],"metrics":{"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-328"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-326"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:medtronic:valleylab_exchange_client:*:*:*:*:*:*:*:*","versionEndIncluding":"3.4","matchCriteriaId":"B346570A-3BF0-4BD6-912D-1754DFA49264"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:medtronic:valleylab_ft10_energy_platform_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0.0","matchCriteriaId":"9428AFA2-E198-41FE-A129-DD51D48CFAD3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:medtronic:valleylab_ft10_energy_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"164230CB-E2BF-447F-8537-C9401FA0CC09"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:medtronic:valleylab_fx8_energy_platform_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.1.0","matchCriteriaId":"DEAA803B-F89B-4D2A-820B-9F337778AE70"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:medtronic:valleylab_fx8_energy_platform:-:*:*:*:*:*:*:*","matchCriteriaId":"E18B428C-13F4-458C-A0A2-13FA801C9FFC"}]}]}],"references":[{"url":"https://global.medtronic.com/xg-en/product-security/security-bulletins/valleylab-generator-rfid-vulnerabilities.html","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-311-02","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.us-cert.gov/ics/advisories/icsma-19-311-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}}]}