CVE-2019-13531

Medtronic Valleylab FT10 and LS10 Improper Authentication

Description

In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments can be bypassed, allowing for inauthentic instruments to connect to the generator.

Remediation

Solution:

  • A software patch is available now for the affected Valleylab platforms. If you suspect you are in possession of an instrument that is not FDA approved or cleared to be used with Medtronic Valleylab FT10 or LS10, please contact Medtronic or your medical device supplier. If you have concerns about FDA clearance or approval of current or future instruments, please contact your medical device supplier. Please contact https://www.medtronic.com/security

Category

4.8
CVSS
Severity: Medium
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.04%
Third-Party Advisory us-cert.gov
Affected: Medtronic Valleylab FT10 Energy Platform (VLFT10GEN)
Affected: Medtronic Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States)
Published at:
Updated at:

References

Link Tags
https://global.medtronic.com/xg-en/product-security/security-bulletins/valleylab-generator-rfid-vulnerabilities.html
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-311-01
https://www.us-cert.gov/ics/advisories/icsma-19-311-01 third party advisory us government resource

Frequently Asked Questions

What is the severity of CVE-2019-13531?
CVE-2019-13531 has been scored as a medium severity vulnerability.
How to fix CVE-2019-13531?
To fix CVE-2019-13531: A software patch is available now for the affected Valleylab platforms. If you suspect you are in possession of an instrument that is not FDA approved or cleared to be used with Medtronic Valleylab FT10 or LS10, please contact Medtronic or your medical device supplier. If you have concerns about FDA clearance or approval of current or future instruments, please contact your medical device supplier. Please contact https://www.medtronic.com/security
Is CVE-2019-13531 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2019-13531 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2019-13531?
CVE-2019-13531 affects Medtronic Valleylab FT10 Energy Platform (VLFT10GEN), Medtronic Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States).
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.