CVE-2019-10239

HIGH

Robotronic RunAsSpc 3.7.0.0 - Authenticated Cleartext Credential Exposure

Title source: llm
STIX 2.1

Description

Robotronic RunAsSpc 3.7.0.0 protects stored credentials insufficiently, which allows locally authenticated attackers (under the same user context) to obtain cleartext credentials of the stored account.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://blog.to.com/advisory-runasspc-cve-2019-10239/

Scores

CVSS v3 7.8
EPSS 0.0040
EPSS Percentile 31.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-269 CWE-522
Status published
Products (1)
robotronic/runasspc 3.7.0.0
Published Apr 24, 2019
Tracked Since Feb 18, 2026