Vulnerability Found in Industrial Remote Access Product From Claroty
The Secure Remote Access product of industrial cybersecurity firm Claroty is affected by a vulnerability that could be useful to threat actors targeting industrial organizations.
Claroty SRA is a secure remote access solution built specifically for OT environments and their operational, administrative and security needs.
Alpha Strike researchers discovered that an attacker with access to the targeted system can bypass access controls for the central configuration file of the SRA software.
"Successful exploitation of this vulnerability allows an attacker with local command line interface access to gain the secret key, subsequently allowing them to generate valid session tokens for the web user interface. With access to the web UI an attacker can access assets managed by the SRA installation and could compromise the installation," CISA explained in its advisory.
As for what an attacker could achieve in a real-world environment, the researchers explained, "An attacker that successfully exploits this vulnerability may become administrator in SRA, which subsequently compromises assets that are managed through SRA. Practically this means an attacker can create valid sessions and thereby effectively gains illicit access to whatever industrial components or networks are protected via SRA, be it a production environment or critical infrastructure site."
"Claroty worked collaboratively with security researchers to remediate a vulnerability in SRA 3.2 and earlier versions," Claroty said in an emailed statement.