High
The start-stop scripts for the services of the affected application could allow a local attacker to include arbitrary commands that are executed when services are started or stopped interactively by system administrators.
The directory of service executables of the affected application could allow a local attacker to include arbitrary commands that are executed with SYSTEM privileges when the system restarts.
Multiple services of the affected application are executed with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to inject arbitrary commands that are executed instead of the legitimate service.
Siemens
SIMATIC RTLS Locating Manager
all versions prior to v2.10.2
Siemens recommends that users apply the update of the SIMATIC RTLS Locating Manager: v2.10.2