CVE-2021-47868
Unknown Unknown - Not Provided
Unquoted Service Path Vulnerability in WIN-PACK PRO Enables Privilege Escalation

Publication date: 2026-01-21

Last updated on: 2026-01-21

Assigner: VulnCheck

Description
WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the WPCommandFileService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files <x86>\WINPAKPRO\WPCommandFileService Service.exe to inject malicious code that would execute with LocalSystem permissions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-21
Last Modified
2026-01-21
Generated
2026-06-16
AI Q&A
2026-01-21
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47868
EUVD
EUVD-2026-3622
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
honeywell win-pack_pro 4.8
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2021-47868 is an unquoted service path vulnerability in WIN-PACK PRO 4.8's WPCommandFileService. The service executable path contains spaces but is not enclosed in quotes, allowing a local attacker to place a malicious executable in a path segment that the system might interpret incorrectly. When the service starts, this can cause the malicious code to execute with elevated LocalSystem privileges. [1, 2]

Impact Analysis

This vulnerability allows a local attacker with low privileges to execute arbitrary code with elevated LocalSystem privileges. This can lead to full system compromise, including unauthorized access, modification, or disruption of system resources and data. [1, 2]

Detection Guidance

This vulnerability can be detected by querying Windows services to find those with unquoted service paths that have auto-start mode and are not located in the Windows directory. Suggested commands include: 1) wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\" | findstr /i /v '"' 2) sc qc "WPCommandFileService" These commands help identify services with unquoted paths that could be exploited. [1]

Mitigation Strategies

Immediate mitigation involves correcting the unquoted service path by enclosing the executable path in quotes to prevent the system from misinterpreting the path and executing malicious code. Additionally, restrict local user permissions to prevent placing malicious executables in directories that precede the legitimate service path. Applying vendor patches or updates if available is also recommended. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47868. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart