VYPR

CWE-428

Unquoted Search Path or Element

Base | Draft

Description

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

If a malicious individual has access to the file system, it is possible to elevate privileges by inserting a file such as "C:\Program.exe", which is then run by a privileged program that makes use of WinExec.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (233)

  • CVE-2026-1585 | Med | Feb 27, 2026
    risk 0.44 | cvss 6.7 | epss 0.00

    An unquoted Windows service executable path vulnerability in IJ Scan Utility for Windows versions 1.1.2 through 1.5.0 may allow a local attacker to execute a malicious file with the privileges of the affected service.

  • CVE-2026-24466 | Med | Feb 9, 2026
    risk 0.44 | cvss 6.7 | epss 0.00

    Products provided by Oki Electric Industry Co., Ltd. and its OEM products (Ricoh Co., Ltd., Murata Machinery, Ltd.) register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with…

  • CVE-2025-66271 | Med | Dec 9, 2025
    risk 0.44 | cvss 6.7 | epss 0.00

    Clone for Windows provided by ELECOM CO.,LTD. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

  • CVE-2025-66461 | Med | Dec 8, 2025
    risk 0.44 | cvss 6.7 | epss 0.00

    FULLBACK Manager Pro provided by GS Yuasa International Ltd. registers two Windows services with unquoted file paths. A user may execute arbitrary code with SYSTEM privilege if he/she has the write permission on the path to the directory where the affected product is installed.

  • CVE-2025-32449 | Med | Nov 11, 2025
    risk 0.44 | cvss 6.7 | epss 0.00

    Unquoted search path for some PRI Driver software before version 03.03.1002 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of…

  • CVE-2025-64151 | Med | Nov 5, 2025
    risk 0.44 | cvss 6.7 | epss 0.00

    Multiple Roboticsware products provided by Roboticsware PTE. LTD. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

  • CVE-2025-62225 | Med | Nov 5, 2025
    risk 0.44 | cvss 6.7 | epss 0.00

    Optical Disc Archive Software provided by Sony Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

  • CVE-2025-60320 | Med | Oct 29, 2025
    risk 0.44 | cvss 6.7 | epss 0.00

    memoQ 10.1.13.ef1b2b52aae and earlier contains an unquoted service path vulnerability in the memoQ Auto Update Service (memoQauhlp101). The affected service is installed with a path containing spaces and without surrounding quotes. This misconfiguration allows local users to…

  • CVE-2025-61865 | Med | Oct 23, 2025
    risk 0.44 | cvss 6.7 | epss 0.00

    Multiple NAS management applications provided by I-O DATA DEVICE, INC. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

  • CVE-2025-61871 | Med | Oct 10, 2025
    risk 0.44 | cvss 6.7 | epss 0.00

    NAS Navigator2 Windows version by BUFFALO INC. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

  • CVE-2025-9818 | Med | Sep 17, 2025
    risk 0.44 | cvss 6.7 | epss 0.00

    A vulnerability (CWE-428) has been identified in the Uninterruptible Power Supply (UPS) management application provided by OMRON SOCIAL SOLUTIONS Co., Ltd., where the executable file paths of Windows services are not enclosed in quotation marks. If the installation folder path…

  • CVE-2025-59307 | Med | Sep 17, 2025
    risk 0.44 | cvss 6.7 | epss 0.00

    RAID Manager provided by Century Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

  • CVE-2025-58400 | Med | Sep 5, 2025
    risk 0.44 | cvss 6.7 | epss 0.00

    RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

  • CVE-2025-57699 | Med | Aug 22, 2025
    risk 0.44 | cvss 6.7 | epss 0.00

    Western Digital Kitfox for Windows provided by Western Digital Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with the SYSTEM privilege.

  • CVE-2025-9043 | Med | Aug 14, 2025
    risk 0.44 | cvss | epss 0.00

    The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges to exploit a vulnerability as classified under CWE-428: Unquoted Search Path or Element. An attacker with write permissions to the root could place a…

  • CVE-2024-5963 | Med | Aug 6, 2024
    risk 0.44 | cvss 6.7 | epss 0.00

    Unquoted Executable Path vulnerability in Hitachi Device Manager on Windows (Device Manager Server component). This issue affects Hitachi Device Manager: before 8.8.7-00.

  • CVE-2018-14789 | Med | Aug 22, 2018
    risk 0.44 | cvss 6.7 | epss 0.00

    In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of…

  • CVE-2017-14019 | Med | Oct 19, 2017
    risk 0.44 | cvss 6.7 | epss 0.00

    An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An unquoted search path or element vulnerability has been identified, which may allow an authorized local user to insert arbitrary code into the unquoted service path and…

  • CVE-2017-5873 | Med | Apr 11, 2017
    risk 0.44 | cvss 6.7 | epss 0.00

    Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.

  • CVE-2025-24831 | Med | Jan 31, 2025
    risk 0.43 | cvss 6.6 | epss 0.00

    Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.