PTC Windchill & FlexPLM: Critical RCE Vulnerability Added to CISA KEV

CISA has added CVE-2026-12569, which affects PTC Windchill and FlexPLM product lifecycle management (PLM) software, to its Known Exploited Vulnerabilities (KEV) catalog. This critical unsafe deserialization vulnerability (CVSS 9.3) allows unauthenticated remote attackers to achieve Remote Code Execution (RCE) via the Windchill PDMLink web component. Threat actors are actively leveraging this flaw to deploy web shells, facilitating persistent access and lateral movement within sensitive engineering and manufacturing environments. Given the concentration of proprietary CAD designs and bills of materials (BOM) within these systems, exploitation poses an extreme risk of industrial espionage and intellectual property theft across the defense, aerospace, and automotive sectors.

