CVE-2021-47867
Unknown Unknown - Not Provided
Unquoted Service Path Vulnerability in WIN-PACK PRO4.8 ScheduleService

Publication date: 2026-01-21

Last updated on: 2026-01-21

Assigner: VulnCheck

Description
WIN-PACK PRO4.8 contains an unquoted service path vulnerability in the ScheduleService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files <x86>\WINPAKPRO\ScheduleService Service.exe' to inject malicious code that would execute during service startup.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-21
Last Modified
2026-01-21
Generated
2026-06-16
AI Q&A
2026-01-21
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47867
EUVD
EUVD-2026-3619
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
honeywell winpakpro 4.8
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an unquoted service path issue in WIN-PACK PRO version 4.8's ScheduleService. The executable path for the service contains spaces but is not enclosed in quotes, specifically at 'C:\Program Files (x86)\WINPAKPRO\ScheduleService Service.exe'. Because of this, a local attacker can place a malicious executable in a location that the system might mistakenly execute instead of the intended service executable. When the service starts, the malicious code runs with elevated system privileges, allowing the attacker to escalate their privileges on the system. [1, 2]

Impact Analysis

If exploited, this vulnerability allows a local attacker to execute arbitrary code with elevated system privileges. This means the attacker can gain higher-level access than normally permitted, potentially compromising the entire system by running malicious code during the service startup. This could lead to unauthorized control over the system, data theft, or further attacks. [1, 2]

Detection Guidance

This vulnerability can be detected by checking for unquoted service paths in Windows services, specifically looking for the ScheduleService executable path. Commands such as WMIC and sc can be used to identify services with unquoted paths that start automatically. For example, using WMIC: `wmic service get name,pathname,startmode | findstr /i "ScheduleService"` or using sc to query the service configuration can help detect the unquoted path vulnerability. [1]

Mitigation Strategies

Immediate mitigation steps include correcting the service executable path by enclosing it in quotes to prevent the unquoted service path vulnerability. This involves modifying the service configuration to ensure the path `C:\Program Files (x86)\WINPAKPRO\ScheduleService Service.exe` is properly quoted. Additionally, restricting local user permissions to prevent placing malicious executables in the service path directories can reduce risk until a patch or update is applied. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47867. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart