Publication Date: 2022 May 20
Update Date: 2022 May 20
Philips is currently monitoring developments and updates related to the recently released CISA directive concerning multiple vulnerabilities in several VMware products. The emergency directive is in response to observed or expected active exploitation of a series of vulnerabilities (CVE 2022-22954, CVE 2022-22960, CVE-2022-22972, CVE-2022-22973) in the following VMware products:
- VMware Workspace ONE Access (Access),
- VMware Identity Manager (vIDM),
- VMware vRealize Automation (vRA),
- VMware Cloud Foundation,
- vRealize Suite Lifecycle Manager (impacted VMware products).
As part of the company’s product security policy and protocols, Philips’ teams are evaluating Philips’ products and solutions utilizing the vulnerable VMware products for potential impacts from these reported vulnerabilities and validating actions. Philips is also monitoring for VMware updates related to these vulnerabilities and evaluating further possible actions as needed.
Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.
If a product does require operating system security updates, configuration changes, or other actions to be taken by our customer or by Philips Customer Services, product-specific service documentation will be produced by Philips product teams and made available to Philips service delivery platforms such as the Philips InCenter Customer Portal.
Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference product-specific information posted. If customers still have questions, all customers (contract-entitled or otherwise) are encouraged to contact their local service support team or regional product service support as appropriate for up-to-date information specific to their Philips’ products.