1. EXECUTIVE SUMMARY
- CVSS v4 9.4
- ATTENTION: Low attack complexity/public exploits are available/known public exploitation
- Vendor: Rockwell Automation
- Equipment: Industrial Data Center (IDC) with VMware, VersaVirtual Appliance (VVA) with VMware, Threat Detection Managed Services (TDMS) with VMware, Endpoint Protection Service with RA Proxy & VMware, Engineered and Integrated Solutions with VMware
- Vulnerabilities: Time-of-check Time-of-use (TOCTOU) Race Condition, Write-what-where Condition, Out-of-bounds Read
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker with local administrative privileges to execute code.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Rockwell Automation Lifecycle Services with VMware are affected:
- Industrial Data Center (IDC) with VMware: Generations 1 through 4
- VersaVirtual Appliance (VVA) with VMware: Series A and B
- Threat Detection Managed Services (TDMS) with VMware: All versions
- Endpoint Protection Service with RA Proxy & VMware only: All versions
- Engineered and Integrated Solutions with VMware: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 TIME-OF-CHECK TIME-OF-USE (TOCTOU) RACE CONDITION CWE-367
A time of check time of use (TOCTOU) vulnerability exists in VMware ESXi, which the affected products use. Exploitation of the vulnerability can allow a threat actor with local administrative privileges to execute code as the virtual machine’s VMX process running on the host.
CVE-2025-22224 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.3 has been calculated; the CVSS vector string is (AV
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: