Authentication bypass vulnerability detected in Claroty SRA equipment used in critical sectors

Claroty SRA

Claroty has identified the presence of an authentication bypass vulnerability that uses an alternate path or channel in Claroty SRA (Secure Remote Access) Site equipment. Exploiting the security loophole, a hacker with local (Linux) system access can bypass access controls for the central configuration file of the SRA Site software.

The authentication bypass vulnerability in the Claroty SRA equipment versions 3.0 through 3.2 led to an advisory being released Tuesday by the Cybersecurity and Infrastructure Security Agency (CISA). The exploitation of the vulnerability provides the hacker with local command-line interface access to gain the secret key, subsequently allowing them to generate valid session tokens for the web user interface (UI). With access to the web UI, an attacker can access assets managed by the SRA installation and could compromise the installation.

A CVSS v3 base score 5.5 has been calculated for this security vulnerability. Alphastrike Labs reported this vulnerability to Claroty, according to CISA. Users have been advised to upgrade their SRA installation to version 3.2.1, released in April. In case, organizations are unable to apply the latest patch, then they should restrict non-admin access to the system hosting the SRA Site software as an interim mitigation.

Adopted in the critical manufacturing, energy, healthcare and public health, water and wastewater systems sector, Claroty SRA equipment delivers frictionless, reliable, and highly secure remote access to operational technology (OT) environments for both internal and third-party users, Claroty said. It reduces mean time-to-respond (MTTR) and boosts uptime by making it faster and easier to connect to and repair OT, IoT, and IIoT assets in industrial networks at any time and anywhere. 

Claroty SRA decreases the complexity and cost of administering safe, secure, and reliable OT remote access by providing flexible configuration options, centralized management, and support for everything for remote users need, according to Claroty. It also minimizes the risks posed by OT remote access by empowering organizations to control, secure, and gain full visibility into all remote connections and activities in the OT environment.

Earlier this year, Claroty uncovered a severe vulnerability affecting communications between Rockwell Automation programmable logic controllers (PLCs) and engineering stations. Exploiting the security flaw enabled the hacker to remotely connect to almost any of the company’s Logix PLCs, and upload malicious code, download information from the PLC, or install new firmware.

The industrial cybersecurity vendor secured earlier this month ‘the largest investment ever made within the industrial cybersecurity sector,’ with its Series D financial round of US$140 million, taking the company’s total funding to $235 million. With the new funds, New York-headquartered Claroty is planning to expand into new verticals and regions, while working towards enhancing its product portfolio.

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on whatsapp


Join over 5,000 Industrial OT & Cyber professionals

Weekly Newsletter direct to your inbox