Medtronic ValleyLab Generator Authentication Vulnerabilities

Summary

Medtronic has released details of several authentication vulnerabilities affecting their ValleyLab electrosurgical platform.


Threat details

An unauthenticated user on the same local network could exploit these vulnerabilities to gain control of an affected system. The vulnerabilities affect several disparate functions within the ValleyLab platform, and are listed below:

  • CVE-2019-3463 & CVE-2019-3464 - The affected platforms use a vulnerable version of the rssh utility. An attacker could exploit this to upload arbitrary files to an affected device.
  • CVE-2019-13531 - The RFID instrument authentication function can be bypassed. An attacker could exploit this to connect inauthentic instruments to an affected device.
  • CVE-2019-13535 - The RFID instrument authentication function does not apply sufficient access protection. An attacker could exploit this to gain full access to RFID security data.
  • CVE-2019-13539 - The affected platforms use the descrypt algorithm for password hashing, which disables network-based access when operating. An attacker could exploit other vulnerabilities on this list during this process to obtain local access.
  • CVE-2019-13543 - The affected platforms use a series of hard-coded credentials. An attacker could exploit several of the above vulnerabilities to access these, at which point they could gain full control of an affected device.
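For the descrypt item (CVE-2019-13539), the following added example, which is not part of the original advisory or any Medtronic code, shows how a defender can classify the password-hash scheme of each entry in a shadow-format file and flag legacy schemes. It goes slightly beyond the advisory by also flagging BSDi extended DES and md5crypt; the sample entries are constructed placeholders, not real hashes.

```python
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars, no "$" prefix.
# It truncates passwords to 8 characters and uses only a 12-bit salt.
DESCRYPT_RE = re.compile(r"[./0-9A-Za-z]{13}")
# BSDi extended DES: "_" + 4 count chars + 4 salt chars + 11 hash chars.
BSDI_RE = re.compile(r"_[./0-9A-Za-z]{19}")
# Modular crypt format: "$<id>$..." -> scheme name.
MCF_IDS = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
WEAK = {"descrypt", "bsdicrypt", "md5crypt", "empty"}

def classify(field):
    """Return the hash scheme used by one shadow password field."""
    if field == "":
        return "empty"                      # no password set at all
    body = field.lstrip("!")                # "!" prefix marks a locked account
    if body in ("", "*"):
        return "locked"
    if body.startswith("$"):
        parts = body.split("$")
        return MCF_IDS.get(parts[1], "unknown") if len(parts) > 2 else "unknown"
    if BSDI_RE.fullmatch(body):
        return "bsdicrypt"
    if DESCRYPT_RE.fullmatch(body):
        return "descrypt"
    return "unknown"

def audit(shadow_text):
    """Return (user, scheme) for every entry that uses a weak scheme."""
    findings = []
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if line.lstrip().startswith("#") or len(fields) < 2:
            continue
        scheme = classify(fields[1])
        if scheme in WEAK:
            findings.append((fields[0], scheme))
    return findings

# Constructed sample input in /etc/shadow layout (placeholder values only).
SAMPLE = """# constructed example entries
root:$6$c0nstructed$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:18000:0:99999:7:::
service:abCDEFGHIJKLM:18000:0:99999:7:::
daemon:*:18000:0:99999:7:::
legacy:$1$c0nstruc$BBBBBBBBBBBBBBBBBBBBBB:18000:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE):
        print(f"{user}: {scheme}")
```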


Remediation steps

Medtronic have confirmed that updates to address these vulnerabilities will be made available in the coming months. Affected organisations are encouraged to contact Medtronic or their relevant suppliers to acquire and apply these patches.



Last edited: 14 February 2020 2:57 pm