🔴 Critical | Source: The Hacker News
CISA has added a critical remote code execution vulnerability in PTC Windchill PDMLink and FlexPLM — software used to manage product data and lifecycles in industrial and manufacturing environments — to its Known Exploited Vulnerabilities catalogue. Attackers are actively exploiting the flaw to deploy web shells, giving them persistent, unauthorised access to affected systems. This is particularly concerning given the prevalence of Windchill in critical manufacturing and defence supply chains.
Security Architect’s Take: Organisations running PTC Windchill PDMLink or FlexPLM should treat patching as urgent — apply available vendor patches immediately and audit internet-facing instances for signs of web shell deployment. If these systems are cloud-hosted or accessible via cloud-based DMZs, review network segmentation and WAF rules to restrict external access whilst remediation is underway.
Original advisory: CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue