CVE-2026-12569 - PTC Windchill and FlexPLM Improper Input Validation Vulnerability

漏洞名称

PTC Windchill and FlexPLM Improper Input Validation Vulnerability

描述

PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by sending a malicious request to the network.

已知用于勒索软件活动吗？

Unknown

采集行动

Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

其他说明

https://www.ptc.com/en/support/article/CS473270

BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk

Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk

https://nvd.nist.gov/vuln/detail/CVE-2026-12569