CISA has published an advisory on incorrect default permissions and unquoted search path or element vulnerabilities in Siemens SIMATIC RTLC Locating Manager. All versions prior to v2.10.2 are affected. Successful exploitation of this vulnerability could allow a privileged local user to escalate privileges. Siemens recommends that users apply the update of the SIMATIC RTLS Locating Manager. Additionally, it has identified specific workarounds and mitigations users can apply to reduce the risk. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.