{“lastseen”:”2026-06-26T12:37:04″,”description”:”\\n\\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical remote code execution vulnerability impacting PTC Windchill PDMlink and PTC FlexPLM enterprise Product Data Management (PDM) and Product Lifecycle Management (PLM) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.\\n\\nThe vulnerability in question is **CVE-2026-12569** (CVSS score: 9.3), a case of improper input validation that could allow an attacker to execute arbitrary code by sending a malicious request to the network. \\n\\n\\”The vulnerability is a remote code execution (RCE) issue that may be exploited through deserialization of untrusted data,\\” according to an advisory released by PTC.\\n\\nAlthough patches for the flaw were released last week, PTC has since confirmed, as of June 25, that \\”we’ve received continued reports of heightened threat activity,\\” with the company disclosing that unknown attackers are exploiting the vulnerability to deploy JSP web shells against susceptible systems.\\n\\nPTC has also released the following indicators of compromise (IoCs) associated with the activity -\\n\\n * 172.111.38.31\\n * 216.152.148.54\\n * 104.243.35.131\\n * 74.50.76.146\\n * 5.180.41.35\\n * 216.152.148.54\\n * 5.180.41.35 (Attacker command-and-control address)\\n * Web shell files following the naming pattern \/Windchill\/login\/[0-9a-f]{16}.jsp\\n\\n\\n\\nAs mitigations, users are advised to perform the following actions -\\n\\n * Block **5.180.41.35** at the perimeter firewall immediately\\n * Search HTTP access logs for any POST requests to **\/Windchill\/login\/*.jsp**\\n * Scan the filesystem for JSP files matching the 16-hex-char pattern **\/Windchill\/login\/[0-9a-f]{16}.jsp**\\n * Hash-check any suspicious JSP files against **55a1eb4c2d3da04376df39d7ba832569c6af1a37a0cf2b95f754ac898023a30c**\\n * Check for **flst.txt** in \/tmp or the Windchill working directory, the presence of which confirms attacker file-listing activity\\n * Add WAF \/ IDS rule blocking any request containing the header **X-windchill-req:**\\n * Restrict internet exposure of the Windchill login endpoint where operationally possible\\n\\n\\n\\nThe development makes it the first-ever PTC product vulnerability added to CISA’s KEV catalog, not to mention highlighting how threat actors are rapidly weaponizing newly disclosed vulnerabilities to their advantage.\\n\\nFound this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.\\n”,”published”:”2026-06-26T12:31:00″,”modified”:”2026-06-26T12:31:56″,”type”:”thn”,”title”:”CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue”,”source”:””,”references”:””,”id”:”THN:051D862466EBE7A5DE6BB7DD92EA2EA6″,”bulletinFamily”:”info”,”cwe”:null,”cvelist”:[“CVE-2026-12569″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:9.3,”severity”:”CRITICAL”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:H\/SC:L\/VI:H\/SI:L\/VA:H\/SA:L\/AU:Y\/U:Red\/R:U\/V:C”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/thehackernews.com\/2026\/06\/cisa-adds-exploited-ptc-windchill-rce.html”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-06-26T12:37:04″,”description”:”\\n\\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical remote code execution vulnerability impacting PTC Windchill PDMlink and PTC FlexPLM enterprise…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[9,6,8,55,12,13,7,11,43,5],"class_list":["post-66057","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-critical","tag-cve","tag-cvss","tag-cvss-93","tag-exploit","tag-news","tag-security","tag-tapic","tag-thn","tag-vulnerability"],"yoast_head":"\n