OTPulse

Medtronic Valleylab FT10 and LS10

Severity: Monitor (CVSS 4.8)
Source: ICS-CERT ICSMA-19-311-01
Published: Nov 7, 2019
Attack Vector: Physical
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

Medtronic Valleylab FT10, LS10, and Energy Platform (VLFT10GEN) electrosurgical systems use RFID tags to identify and configure surgical instruments. The RFID security mechanism does not properly authenticate instrument identity, allowing an attacker with physical access to spoof legitimate instrument identifiers. This causes the system to misidentify inauthentic or counterfeit instruments as approved devices, applying incorrect parameters and potentially disabling safety interlocks. Successful exploitation may result in use of unauthorized instruments and loss of system availability due to parameter conflicts or system confusion from duplicate/invalid RFID identities.

What this means
What could happen
An attacker could spoof RFID identities to trick the Valleylab system into accepting counterfeit or unauthorized surgical instruments, leading to use of incorrect instrument parameters during procedures and potential loss of platform functionality.
Who's at risk
Healthcare facilities using Medtronic Valleylab FT10 or LS10 electrosurgical systems in operating rooms and surgical suites. This affects surgical staff, OR nurses, and biomedical engineering teams responsible for equipment validation and maintenance. Facilities using the related Valleylab Energy Platform (VLFT10GEN) are also affected.
How it could be exploited
An attacker with physical access to the system could craft RFID spoofing signals to impersonate legitimate instruments. When the Valleylab FT10 or LS10 receives the spoofed RFID response, it would fail to authenticate the instrument properly and accept inauthentic devices as legitimate, potentially applying wrong settings or disabling safety checks.
Prerequisites
  • Physical proximity to RFID reader on Valleylab FT10 or LS10 system
  • Ability to generate and transmit spoofed RFID signals
  • Knowledge of legitimate instrument RFID codes or use of generic/test codes
Key points
  • No authentication on RFID communications
  • Physical access required, but it can be achieved during normal OR use
  • Affects patient safety and surgical outcome integrity
  • No patch currently available for all product versions
  • Counterfeit medical devices represent a serious regulatory and liability risk
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (3)
3 EOL
Product                                      Affected Versions   Fix Status
Valleylab FT10 / Valleylab LS10              ≤ 1.20.2            No fix (EOL)
Valleylab FT10 / Valleylab LS10              ≤ 2.0.3             No fix (EOL)
Valleylab FT10 Energy Platform (VLFT10GEN)   ≤ 2.1.0             No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Verify that all surgical instruments in use are FDA-approved or FDA-cleared for use with your Medtronic Valleylab system; remove any non-approved instruments from inventory.
HARDENING: Establish a chain-of-custody and verification procedure for all instruments entering the operating room to detect counterfeit or unauthorized devices.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Valleylab FT10 Energy Platform (VLFT10GEN): <= 2.1.0
HOTFIX: Contact Medtronic to obtain and deploy the available software patch to all affected Valleylab FT10, LS10, and VLFT10GEN platforms.
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Valleylab FT10 / Valleylab LS10 (≤ 1.20.2), Valleylab FT10 / Valleylab LS10 (≤ 2.0.3), and Valleylab FT10 Energy Platform (VLFT10GEN) (≤ 2.1.0). Apply the following compensating controls:
HARDENING: Review Medtronic's security advisories at https://www.medtronic.com/security regularly and subscribe to vendor security notifications.