CVE-2021-47868

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.8 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H                                    

Vulnerability Description

WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the WPCommandFileService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files <x86>\WINPAKPRO\WPCommandFileService Service.exe to inject malicious code that would execute with LocalSystem permissions.

Vulnerability Details

Published Date

January 21, 2026

Last Modified

January 26, 2026

CWE ID

CWE-428

Source

NVD

Vendor

Honeywell

Product

WIN-PACK PRO

External References

https://www.exploit-db.com/exploits/49692
https://www.security.honeywell.com/product-repository/winpak
https://www.vulncheck.com/advisories/win-pack-pro-wpcommandfileservice-unquoted-service-path

CVE-2021-47868

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment