
PTC FlexPLM and Windchill Vulnerability Allows Code Execution

Source: CERT-Bund Security Advisories (wid.cert-bund.de)
Published March 22nd, 2026
Detected March 23rd, 2026

Summary

CERT-Bund has issued a security advisory for a critical vulnerability in PTC FlexPLM and Windchill software that allows remote code execution. The advisory lists affected product versions and provides mitigation information. Users are advised to apply available updates to address this severe security risk.

What changed

CERT-Bund has released a critical security advisory (WID-SEC-2026-0822) detailing a vulnerability in PTC FlexPLM and PTC Windchill software that enables a remote, anonymous attacker to execute arbitrary code. The vulnerability has a CVSS Base Score of 10.0 and affects numerous versions of both products, with Windows listed as the affected operating system. The advisory states that mitigation is available.

Organizations utilizing affected versions of PTC FlexPLM or Windchill must urgently review the advisory and implement the provided mitigation strategies or apply available software updates. Failure to do so could lead to unauthorized code execution, potentially compromising sensitive product lifecycle management data and systems. This advisory underscores the critical need for prompt patching of enterprise software to prevent severe security breaches.

What to do next

  1. Review CERT-Bund advisory WID-SEC-2026-0822 for affected PTC FlexPLM and Windchill versions.
  2. Implement available mitigation strategies or apply software updates to address the code execution vulnerability.
  3. Assess potential impact on systems and data if affected software is in use.

Source document (simplified)

[WID-SEC-2026-0822] PTC FlexPLM and Windchill: Vulnerability allows code execution

  • CVSS Base Score: 10.0 (critical)
  • CVSS Temporal Score: 8.7 (high)
  • Remote attack: yes
  • Date: 22.03.2026
  • Last updated: 23.03.2026
  • Mitigation: yes

Affected systems

Operating system

  • Windows

Product description

PTC FlexPLM is a software solution for Product Lifecycle Management (PLM) that helps companies manage product data and processes.
PTC Windchill is a product lifecycle management software that helps companies manage product data and processes across the entire lifecycle.

Products

22.03.2026

  • PTC FlexPLM 11.0 M030

  • PTC FlexPLM 11.1 M020

  • PTC FlexPLM 11.2.1.0

  • PTC FlexPLM 12.0.0.0

  • PTC FlexPLM 12.0.2.0

  • PTC FlexPLM 12.0.3.0

  • PTC FlexPLM 12.1.2.0

  • PTC FlexPLM 12.1.3.0

  • PTC FlexPLM 13.0.2.0

  • PTC FlexPLM 13.0.3.0

  • PTC Windchill 11.0 M030

  • PTC Windchill 11.1 M020

  • PTC Windchill 11.2.1.0

  • PTC Windchill 12.0.2.0

  • PTC Windchill 13.0.2.0

  • PTC Windchill 13.1.0.0

  • PTC Windchill 13.1.1.0

  • PTC Windchill 13.1.2.0

  • PTC Windchill 13.1.3.0

  • PTC Windchill 12.1.2.0

Attack

A remote, anonymous attacker can exploit a vulnerability in PTC FlexPLM and PTC Windchill to execute arbitrary program code.

Named provisions

Affected systems, Attack

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-Bund
Published
March 22nd, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
WID-SEC-2026-0822

Who this affects

Applies to
Manufacturers, Technology companies
Industry sector
3341 Computer & Electronics Manufacturing; 3254 Pharmaceutical Manufacturing; 3364 Aerospace & Defense
Activity scope
Software Security, Vulnerability Management
Geographic scope
Germany (DE)

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Product Lifecycle Management, Software Vulnerabilities
