CISA Flags Critical PTC Vulnerability That Had German Police Mobilized
Briefly

"The vulnerability, tracked as CVE-2026-4681, affects PTC's Windchill and FlexPLM products and is related to the deserialization of untrusted data, allowing remote code execution."
"PTC is still working on patches for the vulnerability and has shared mitigations that customers can implement to prevent exploitation, along with indicators of compromise to detect potential attacks."
"In Germany, police were deployed to alert companies about the risk posed by the vulnerability, a move described as 'unprecedented', with officers visiting companies even at night."
CISA issued an advisory regarding a critical vulnerability in PTC's Windchill and FlexPLM software, tracked as CVE-2026-4681. The flaw allows remote, unauthenticated attackers to execute arbitrary code. PTC is developing patches and has provided mitigations to prevent exploitation. Despite no evidence of attacks, the situation prompted urgent responses in Germany, including police alerts to companies. Some companies reported they are not at risk, but the potential for exploitation remains a concern.
Read at SecurityWeek