CNNVD-202601-3390 Information

CNNVD ID

CNNVD-202601-3390

Related CVE

CVE-2021-47868

• CNNVD Published: 2026-01-21

Description (Chinese)

Honeywell WIN-PACK PRO是美国Honeywell公司的一款安防管理平台软件。 Honeywell WIN-PACK PRO 4.8版本存在代码问题漏洞，该漏洞源于WPCommandFileService存在未加引号的服务路径，可能导致本地用户执行代码并提升权限。

Description (English)

Honeywell Win-PACK PRO is a secure management platform software for Honeywell in the United States. Honeywell Win-PACK PRO 4.8 has a code problem loophole that stems from the unquoted service path of WPCommandFileService, which may lead to local user implementation codes and enhanced privileges.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

霍尼韦尔

Published

2026-01-21

Last Modified

2026-02-24

References

https://www.exploit-db.com/exploits/49692 https://www.security.honeywell.com/product-repository/winpak https://www.vulncheck.com/advisories/win-pack-pro-wpcommandfileservice-unquoted-service-path