LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit.Referenceshttps://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02
