CVE-2019-10239

HIGH

Robotronic Runasspc - Insufficiently Protected Credentials

Title source: rule

Description

Robotronic RunAsSpc 3.7.0.0 protects stored credentials insufficiently, which allows locally authenticated attackers (under the same user context) to obtain cleartext credentials of the stored account.

References (1)

[Exploit, Third Party Advisory] https://blog.to.com/advisory-runasspc-cve-2019-10239/

Scores

CVSS v3 7.8

EPSS 0.0014

EPSS Percentile 33.4%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-269 CWE-522

Status published

Affected Products (1)

robotronic/runasspc

Timeline

Published Apr 24, 2019

Tracked Since Feb 18, 2026