The NCCIC has released an advisory on an unquoted search path or element vulnerability in Rockwell RSLinx Classic and FactoryTalk Linx Gateway. Versions 3.90.01 and prior of the former product and versions 3.90.00 and prior of the latter product are affected. Successful exploitation of this vulnerability could allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation. Rockwell Automation recommends all users update to new versions of RSLinx Classic and FactoryTalk Linx Gateway. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.