CVE-2021-47866
Unknown Unknown - Not Provided
Unquoted Service Path in WIN-PACK PRO GuardTourService Enables Privilege Escalation

Publication date: 2026-01-21

Last updated on: 2026-01-21

Assigner: VulnCheck

Description
WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the GuardTourService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files <x86>\WINPAKPRO\WP GuardTour Service.exe to inject malicious code that would execute during service startup.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-21
Last Modified
2026-01-21
Generated
2026-06-16
AI Q&A
2026-01-21
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47866
EUVD
EUVD-2026-3625
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
honeywell win-pack_pro 4.8
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2021-47866 is an unquoted service path vulnerability in WIN-PACK PRO 4.8's GuardTourService. Because the service executable path is not enclosed in quotes, a local attacker can exploit this by placing malicious code in a path that the system might misinterpret due to spaces in directory names. This malicious code would then execute with elevated system privileges during the service startup, allowing privilege escalation. [1, 3]

Impact Analysis

If exploited, this vulnerability allows a local attacker to execute malicious code with elevated system privileges, potentially leading to full system compromise. It impacts confidentiality, integrity, and availability at a high level by enabling privilege escalation through code injection during service startup. [1, 3]

Detection Guidance

This vulnerability can be detected by checking for unquoted service paths in Windows services, specifically for the 'GuardTourService'. You can use the following commands to identify such services: 1) Use WMIC to list services with automatic start mode and filter out those located in the Windows directory and those with quoted paths: `wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\" | findstr /i /v '"'` 2) Use the Service Control command to query the specific service configuration: `sc qc "GuardTourService"` These commands help confirm if the service executable path is unquoted, indicating the vulnerability. [3]

Mitigation Strategies

Immediate mitigation steps include correcting the unquoted service path by enclosing the executable path in quotation marks to prevent malicious code injection. Specifically, update the service configuration so that the path to the executable 'C:\Program Files (x86)\WINPAKPRO\WP GuardTour Service.exe' is enclosed in quotes. Additionally, restrict local user permissions to prevent unauthorized code placement in directories referenced by the service path. Applying the latest patches or updates from Honeywell for WIN-PACK PRO 4.8, if available, is also recommended. [1, 2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47866. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart