{"containers": {"cna": {"affected": [{"product": "Valleylab Exchange Client", "vendor": "Medtronic", "versions": [{"status": "affected", "version": "version 3.4 and below"}]}, {"product": "Valleylab FT10 Energy Platform (VLFT10GEN)", "vendor": "Medtronic", "versions": [{"status": "affected", "version": "software version 4.0.0 and below"}]}, {"product": "Valleylab FX8 Energy Platform (VLFX8GEN)", "vendor": "Medtronic", "versions": [{"status": "affected", "version": "software version 1.1.0 and below"}]}], "descriptions": [{"lang": "en", "value": "Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-328", "description": "REVERSIBLE ONE-WAY HASH CWE-328", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-11-08T19:07:59", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-13539", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Valleylab Exchange Client", "version": {"version_data": [{"version_value": "version 3.4 and below"}]}}, {"product_name": "Valleylab FT10 Energy Platform (VLFT10GEN)", "version": {"version_data": [{"version_value": "software version 4.0.0 and below"}]}}, {"product_name": "Valleylab FX8 Energy Platform (VLFX8GEN)", "version": {"version_data": [{"version_value": "software version 1.1.0 and below"}]}}]}, "vendor_name": "Medtronic"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "REVERSIBLE ONE-WAY HASH CWE-328"}]}]}, "references": {"reference_data": [{"name": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:57:39.467Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-13539", "datePublished": "2019-11-08T19:07:59", "dateReserved": "2019-07-11T00:00:00", "dateUpdated": "2024-08-04T23:57:39.467Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:medtronic:valleylab_exchange_client:*:*:*:*:*:*:*:*", "matchCriteriaId": "B346570A-3BF0-4BD6-912D-1754DFA49264", "versionEndIncluding": "3.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:valleylab_ft10_energy_platform_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9428AFA2-E198-41FE-A129-DD51D48CFAD3", "versionEndIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:valleylab_ft10_energy_platform:-:*:*:*:*:*:*:*", "matchCriteriaId": "164230CB-E2BF-447F-8537-C9401FA0CC09", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:valleylab_fx8_energy_platform_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DEAA803B-F89B-4D2A-820B-9F337778AE70", "versionEndIncluding": "1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:valleylab_fx8_energy_platform:-:*:*:*:*:*:*:*", "matchCriteriaId": "E18B428C-13F4-458C-A0A2-13FA801C9FFC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes."}, {"lang": "es", "value": "Medtronic Valleylab Exchange Client versi\u00f3n 3.4 y anteriores, Valleylab FT10 Energy Platform (VLFT10GEN) versi\u00f3n de software 4.0.0 y anteriores, y Valleylab FX8 Energy Platform (VLFX8GEN) versi\u00f3n 1.1.0 y anteriores, utilizan el algoritmo de descifrado para el hash de contrase\u00f1a del sistema operativo. Si bien los inicios de sesi\u00f3n interactivos basados ??en la red est\u00e1n deshabilitados, y los atacantes pueden usar las otras vulnerabilidades dentro de este reporte para obtener acceso de shell local y acceder a estos hashes."}], "id": "CVE-2019-13539", "lastModified": "2024-11-21T04:25:06.363", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-08T20:15:10.743", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-328"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-326"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}