CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue
Summary
CISA has added a critical remote code execution vulnerability in PTC Windchill to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The flaw is being leveraged in web shell attacks.
IFF Assessment
The inclusion of this vulnerability in CISA's KEV catalog indicates it is actively being exploited by threat actors, posing a direct risk to organizations.
Severity
The vulnerability is a critical remote code execution (RCE) flaw in enterprise software, likely exploitable remotely without authentication. It has been actively exploited, suggesting a high degree of exploitability and impact.
Defender Context
Organizations using PTC Windchill should prioritize patching this critical RCE vulnerability immediately, as its presence in the KEV catalog signifies active exploitation. Defenders should also watch for signs of web shell activity in their environments, since such activity could be an indicator of compromise.