CISA Catalogs Actively Exploited PTC Windchill RCE Vulnerability

Bottom line: CISA catalogs a critical, actively exploited RCE vulnerability in PTC Windchill/FlexPLM, triggering immediate patching and forensic action for CISOs in critical infrastructure organizations.

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Remote Code Execution (RCE) vulnerability in PTC Windchill PDMLink and PTC FlexPLM to its Known Exploited Vulnerabilities (KEV) catalog, with active attacks documented. The vulnerability affects PLM/PDM software in production environments.

On Thursday, CISA cataloged the critical security vulnerability in PTC Windchill PDMLink and PTC FlexPLM, which are PTC's product data management (PDM) and product lifecycle management (PLM) solutions. The addition to the KEV catalog is based on evidence of active exploitation in the wild.

For CISOs, this means immediate action is required: PTC Windchill and FlexPLM are predominantly deployed in manufacturing, aerospace, automotive, and other regulated industries, where product data represents business-critical infrastructure. An RCE vulnerability in this category gives attackers full system control and access to sensitive design, specification, and manufacturing data. This also falls under NIS2 reporting obligations for critical infrastructure organizations.

Inclusion in CISA’s KEV list underscores that exploits are publicly available or are being weaponized by state actors and cybercriminals. Organizations must immediately verify the patch status of their PTC systems, analyze access logs for suspicious activity, and search for web shell artifacts that indicate existing compromises.

Under the NIS2 regime, operating systems with known exploited vulnerabilities without active remediation measures carries significant liability and penalty risks.


Source: thehackernews.com · Published June 26, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification via Lumi News Pipeline v1.7.1.