PowerCLI Script: Check if you have VMs with USB controllers

In light of the many serious vulnerabilities in vSphere ESXi that revolve around the USB controller, here is a script that lists the virtual machines that have a USB controller attached.

Requirements:

You need to have the VMware.PowerCLI module installed. This can be done with the commands:

Install-Module VMware.PowerCLI
Import-Module VMware.PowerCLI

You also need to be connected to vCenter. This can be accomplished with the following command:

Connect-VIServer <vCenter FQDN>

Function Get-USBEnabledVMs {
<#
.SYNOPSIS
    Find VMs that have USB enabled
.DESCRIPTION
    Returns the VMs that have USB enabled.
    https://www.vmware.com/security/advisories/VMSA-2018-0025.html
    https://www.vmware.com/security/advisories/VMSA-2019-0005.html
    https://www.vmware.com/security/advisories/VMSA-2020-0026.html
.NOTES
    Author:  Brian F. Knutsson CRIT Solutions
.EXAMPLE
    PS> Get-USBEnabledVMs
#>
    # Requires an active Connect-VIServer session.
    # Fetch only the two properties needed, to keep the query light.
    $vms = Get-View -ViewType VirtualMachine -Property Name,Config.Hardware.Device

    # USB 1.1/2.0 controllers are VirtualUSBController; USB 3.x (xHCI) controllers are a separate type.
    $usbTypes = 'VirtualUSBController','VirtualUSBXHCIController'

    ForEach ($vm in $vms) {
        # Emit one object per USB controller; VMs without one produce no output.
        $vm.Config.Hardware.Device |
            Where-Object { $_ -and $_.GetType().Name -in $usbTypes } |
            Select-Object -Property @{N="VM";E={$vm.Name}},@{N="Controller";E={$_.DeviceInfo.Label}}
    }
}

# To Execute
Get-USBEnabledVMs
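
For triage, it helps to know which kind of controller each VM has and whether anything is plugged into it. The following is an added example, not part of the original script: the function name Get-UsbControllerReport and the sample VM are constructed for illustration, and it assumes the VMware.PowerCLI module is loaded so that the VMware.Vim types resolve.

```powershell
# Added example; assumes PowerCLI is loaded so the VMware.Vim types resolve.
function Get-UsbControllerReport {
    [CmdletBinding()]
    param(
        # VirtualMachine view object, e.g. from Get-View -ViewType VirtualMachine
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$VmView
    )
    process {
        $devices = @($VmView.Config.Hardware.Device)
        # USB 1.1/2.0 controllers and xHCI (USB 3.x) controllers are distinct types
        $controllers = $devices | Where-Object {
            $_ -is [VMware.Vim.VirtualUSBController] -or
            $_ -is [VMware.Vim.VirtualUSBXHCIController]
        }
        foreach ($c in $controllers) {
            # A passthrough USB device references its controller through ControllerKey
            $attached = @($devices | Where-Object {
                $_ -is [VMware.Vim.VirtualUSB] -and $_.ControllerKey -eq $c.Key
            })
            [pscustomobject]@{
                VM             = $VmView.Name
                PowerState     = $VmView.Runtime.PowerState
                ControllerType = $c.GetType().Name
                Controller     = $c.DeviceInfo.Label
                AttachedUsb    = $attached.Count
            }
        }
    }
}

# Constructed sample VM so the function can be tried without a vCenter session
$xhci = New-Object VMware.Vim.VirtualUSBXHCIController -Property @{
    Key        = 14000
    DeviceInfo = (New-Object VMware.Vim.Description -Property @{ Label = 'USB xHCI controller' })
}
$stick = New-Object VMware.Vim.VirtualUSB -Property @{ Key = 14001; ControllerKey = 14000 }
$sample = [pscustomobject]@{
    Name    = 'demo-vm-01'
    Runtime = [pscustomobject]@{ PowerState = 'poweredOn' }
    Config  = [pscustomobject]@{ Hardware = [pscustomobject]@{ Device = @($xhci, $stick) } }
}
$sample | Get-UsbControllerReport

# Against a live vCenter (after Connect-VIServer):
# Get-View -ViewType VirtualMachine -Property Name,Runtime.PowerState,Config.Hardware.Device |
#     Get-UsbControllerReport | Sort-Object AttachedUsb, VM
```

Rows with AttachedUsb equal to 0 are controllers with no USB device connected to them.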

As always, use at your own risk.
