Rockwell Automation Lifecycle Services with VMware

Risk Summary

Successful exploitation of these vulnerabilities could lead to code execution on the host or leakage of memory from processes communicating with vSockets.

CVEs (4)

Remediations

• Rockwell Automation will contact impacted users with an active Rockwell Automation Infrastructure Managed Service contract or Threat Detection Managed Service contract to discuss actions needed for remediation efforts.
• Rockwell recommends users without Rockwell Automation managed services contract to refer to Broadcom's advisories below:
• Support Content Notification - Support Portal - Broadcom support portal
• https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3f-release-notes.html
• https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u2e-release-notes.html
• https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-70u3w-release-notes.html
• Rockwell Automation encourages users of the affected software who are not able to upgrade to one of the corrected versions to apply security best practices where possible.
• For more information refer to Rockwell Automation's security advisory.

Affected Vendors

Affected Products (5)

Affected Sectors

Critical Manufacturing