Honeywell Win-Pak Pro Unquoted Service Path Vulnerability in ScheduleService

A vulnerability exists in Honeywell Win-Pak Pro version 4.8 within the ScheduleService. This unquoted service path vulnerability allows local users to execute code with elevated system privileges. The issue arises from the unquoted path in 'C:\Program Files (x86)\WINPAKPRO\ScheduleService Service.exe', which can be exploited to inject malicious code that executes when the service starts.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution with elevated privileges, allowing a local user to execute malicious payloads that could be harmful to the system or network.

Reproduction

The vulnerability can be reproduced by querying the service configuration using the Windows Management Instrumentation Command-line (WMIC) tool. This command will reveal the unquoted service path, which is the basis for the exploitation. Once the unquoted path is identified, a local user can place a malicious executable in a location that the service will access when it starts, effectively executing the code with higher privileges.