ICSA-26-085-03  ·  Published 2026-03-26

PTC Windchill Product Lifecycle Management

CVSS 10.0 CRITICAL

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to achieve remote code execution.

CVEs (1)

Remediations

  • PTC is aware of the issue and is actively developing a fix. In the meantime, PTC recommends applying the recommended workaround. Until official patches are available, customers must take urgent steps to safeguard their environments. Specifically:
  • Protect any publicly accessible Windchill systems
  • While publicly accessible Windchill and FlexPLM systems are at higher risk and require immediate attention, PTC strongly recommends applying the mitigation steps to all deployments, regardless of Internet exposure
  • Apply the same precautions to FlexPLM deployments
  • The following Apache and IIS HTTP Server configuration update should be IMMEDIATELY applied to every Windchill or FlexPLM system:
  • Customers using Apache HTTP Server should follow only the steps in the "Apache HTTP Server Configuration – Workaround Steps" section
  • Customers using Microsoft IIS should follow only the steps in the "IIS Configuration - Workaround Steps" section
  • Note explicitly that the same mitigation steps must also be applied on File Server / Replica Server configurations where applicable
  • For Windchill releases prior to 11.0 M030, workarounds may need to be altered to apply to unsupported previous releases
  • For Apache HTTP Server and IIS configuration workaround steps, refer to the official advisory at: https://www.ptc.com/en/about/trust-center/advisory-center/active-advisories/windchill-flexplm-critical-vulnerability
  • If immediate remediation is not feasible, additional guidance and remediation options are available at: https://www.ptc.com/en/about/trust-center/advisory-center/active-advisories/windchill-flexplm-critical-vulnerability

Affected Vendors

PTC

Affected Products (20)

PTC · Windchill PDMLink 11.0_M030
PTC · Windchill PDMLink 11.1_M020
PTC · Windchill PDMLink 11.2.1.0
PTC · Windchill PDMLink 12.0.2.0
PTC · Windchill PDMLink 12.1.2.0
PTC · Windchill PDMLink 13.0.2.0
PTC · Windchill PDMLink 13.1.0.0
PTC · Windchill PDMLink 13.1.1.0
PTC · Windchill PDMLink 13.1.2.0
PTC · Windchill PDMLink 13.1.3.0
PTC · FlexPLM 11.0_M030
PTC · FlexPLM 11.1_M020
PTC · FlexPLM 11.2.1.0
PTC · FlexPLM 12.0.0.0
PTC · FlexPLM 12.0.2.0
PTC · FlexPLM 12.0.3.0
PTC · FlexPLM 12.1.2.0
PTC · FlexPLM 12.1.3.0
PTC · FlexPLM 13.0.2.0
PTC · FlexPLM 13.0.3.0

Affected Sectors

Critical Manufacturing
