BetaIT-Hub is in early access — your feedback helps us improve. Use the chat or email [email protected]

News Vulnerability
VulnerabilityCISA·69d ago

PTC Windchill Product Lifecycle Management

p a href= https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-085-03.json strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of this vulnerability could allow an attacker to achieve remote code execution. /strong /p p The following versions of PTC Windchill Product Lifecycle Management are affected: /p ul li Windchill PDMLink 11.0_M030 (CVE-2026-4681) /li li Windchill PDMLink 11.1_M020 (CVE-2026-4681) /li li Windchill PDMLink 11.2.1.0 (CVE-2026-4681) /li li Windchill PDMLink 12.0.2.0 (CVE-2026-4681) /li li Windchill PDMLink 12.1.2.0 (CVE-2026-4681) /li li Windchill PDMLink 13.0.2.0 (CVE-2026-4681) /li li Windchill PDMLink 13.1.0.0 (CVE-2026-4681) /li li Windchill PDMLink 13.1.1.0 (CVE-2026-4681) /li li Windchill PDMLink 13.1.2.0 (CVE-2026-4681) /li li Windchill PDMLink 13.1.3.0 (CVE-2026-4681) /li li FlexPLM 11.0_M030 (CVE-2026-4681) /li li FlexPLM 11.1_M020 (CVE-2026-4681) /li li FlexPLM 11.2.1.0 (CVE-2026-4681) /li li FlexPLM 12.0.0.0 (CVE-2026-4681) /li li FlexPLM 12.0.2.0 (CVE-2026-4681) /li li FlexPLM 12.0.3.0 (CVE-2026-4681) /li li FlexPLM 12.1.2.0 (CVE-2026-4681) /li li FlexPLM 12.1.3.0 (CVE-2026-4681) /li li FlexPLM 13.0.2.0 (CVE-2026-4681) /li li FlexPLM 13.0.3.0 (CVE-2026-4681) /li /ul div class= csaf-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-tablesaw-minimap thead tr th role= columnheader data-tablesaw-priority= persist CVSS /th th role= columnheader Vendor /th th role= columnheader Equipment /th th role= columnheader Vulnerabilities /th /tr /thead tbody tr td v3 10 /td td PTC /td td PTC Windchill Product Lifecycle Management /td td Improper Control of Generation of Code ('Code Injection') /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Critical Manufacturing /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong United States /li /ul hr h2 Vulnerabilities /h2 div class= csaf-accordion p a class= csaf-accordion-toggle-all href= # Expand All + /a /p div class= csaf-accordion-item h3 a class= csaf-accordion-toggle href= # CVE-2026-4681 /a /h3 div class= csaf-accordion-content p A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This issue affects Windchill PDMLink: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.2.0, 12.1.2.0, 13.0.2.0, 13.1.0.0, 13.1.1.0, 13.1.2.0, 13.1.3.0; FlexPLM: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.0.0, 12.0.2.0, 12.0.3.0, 12.1.2.0, 12.1.3.0, 13.0.2.0, 13.0.3.0. /p p a href= https://www.cve.org/CVERecord?id=CVE-2026-4681 View CVE Details /a /p hr h4 Affected Products /h4 h5 PTC Windchill Product Lifecycle Management /h5 div class= ics-vendor-version-status div class= ics-vendor strong Vendor: /strong br PTC /div div class= ics-version strong Product Version: /strong br PTC Windchill PDMLink: 1

Sign in to read the full article

Create a free account to access all news, downloads, and community features

Sign inCreate account

Originally published by CISA

Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-085-03

This article is shared for informational purposes. All rights belong to the original author and publisher. If you are the copyright holder and would like this content removed, please contact us.

Shared on IT-Hub by admin