CNNVD-202601-3392 Information

CNNVD ID

CNNVD-202601-3392

Related CVE

CVE-2021-47867

• CNNVD Published: 2026-01-21

Description (Chinese)

Honeywell WIN-PACK PRO是美国Honeywell公司的一款安防管理平台软件。 Honeywell WIN-PACK PRO 4.8版本存在代码问题漏洞，该漏洞源于ScheduleService存在未加引号的服务路径，可能导致本地用户执行代码并提升系统权限。

Description (English)

Honeywell Win-PACK PRO is a secure management platform software for Honeywell in the United States. Honeywell Win-PACK PRO 4.8 has a code gap that stems from ScheduuleService ’ s unquoted service path, which may lead to local users ’ implementation of the code and system privileges.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

霍尼韦尔

Published

2026-01-21

Last Modified

2026-02-24

References

https://www.exploit-db.com/exploits/49691 https://www.security.honeywell.com/product-repository/winpak https://www.vulncheck.com/advisories/win-pack-pro-scheduleservice-unquoted-service-path