CVE-2021-47845
Published: 16 January 2026
Summary
CVE-2021-47845 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in Spy Emergency (inferred from references). Its CVSS base score is 8.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Path Interception by Unquoted Path (T1574.009); ranked at the 4.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).
Deeper analysis
Spy Emergency version 25.0.650 is affected by an unquoted service path vulnerability in its Windows service configurations. This flaw exists in the services associated with SpyEmergencyHealth.exe and SpyEmergencySrv.exe, where the service binary paths are not properly quoted, allowing Windows to search for executable files in multiple directories during service execution.
Local attackers with low privileges can exploit this vulnerability by placing a malicious executable in a directory that is searched before the legitimate service path, such as during system startup or service restart. Successful exploitation enables code execution with elevated SYSTEM privileges, potentially leading to high confidentiality, integrity, and availability impacts, as indicated by the CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Advisories and references, including those from VulnCheck and Exploit-DB, document the issue and provide a proof-of-concept exploit at https://www.exploit-db.com/exploits/49997. The vendor site at https://www.spy-emergency.com/ is also referenced, though specific patch details are not detailed in available information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-2875
Vulnerability details
Spy Emergency 25.0.650 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted file paths in SpyEmergencyHealth.exe and SpyEmergencySrv.exe to inject malicious code during…
more
system startup or service restart.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unquoted service path in Windows services directly enables path interception by unquoted path (T1574.009) for local privilege escalation to SYSTEM (T1068).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Establishes and enforces secure configuration settings for Windows services, including properly quoting executable paths to directly prevent unquoted service path hijacking.
Requires timely identification, reporting, and correction of flaws like unquoted service paths in SpyEmergencyHealth.exe and SpyEmergencySrv.exe.
Vulnerability scanning and monitoring identifies unquoted service path vulnerabilities in service configurations for exploitation assessment.