Honeywell Win Pak
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Honeywell Win Pak.
By the Year
In 2026 there have been 2 vulnerabilities in Honeywell Win Pak with an average score of 7.8 out of ten. Win Pak did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 7.80 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 3 | 0.00 |
It may take a day or so for new Win Pak vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Honeywell Win Pak Security Vulnerabilities
Unquoted Service Path in WIN-PACK PRO 4.8 WPCommandFileService Executes as System
CVE-2021-47868
7.8 - High
- January 21, 2026
WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the WPCommandFileService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files <x86>\WINPAKPRO\WPCommandFileService Service.exe to inject malicious code that would execute with LocalSystem permissions.
Unquoted Search Path or Element
WIN-PACK PRO 4.8 GuardTourService Unquoted Path CVE-2021-47866
CVE-2021-47866
7.8 - High
- January 21, 2026
WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the GuardTourService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files <x86>\WINPAKPRO\WP GuardTour Service.exe to inject malicious code that would execute during service startup.
Unquoted Search Path or Element
In Honeywell WIN-PAK 4.7.2
CVE-2020-6978
- March 24, 2020
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries.
Use of Obsolete Function
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may
CVE-2020-6982
- March 24, 2020
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution.
Improper Neutralization of HTTP Headers for Scripting Syntax
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may
CVE-2020-7005
- March 24, 2020
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-site request forgery, which may allow an attacker to remotely execute arbitrary code.
Session Riding
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Honeywell Win Pak or by Honeywell? Click the Watch button to subscribe.
