{"id":11496,"date":"2021-06-30T17:22:11","date_gmt":"2021-06-30T15:22:11","guid":{"rendered":"https:\/\/limessecurity.ninja\/?p=11496"},"modified":"2026-03-23T14:14:39","modified_gmt":"2026-03-23T13:14:39","slug":"schwachstelle-secure-remote-access-software-claroty-gefunden","status":"publish","type":"post","link":"https:\/\/limessecurity.com\/de\/schwachstelle-secure-remote-access-software-claroty-gefunden\/","title":{"rendered":"Schwachstelle in Secure Remote Access (SRA) Software von Claroty"},"content":{"rendered":"[vc_row type=“in_container“ full_screen_row_position=“middle“ column_margin=“default“ column_direction=“default“ column_direction_tablet=“default“ column_direction_phone=“default“ scene_position=“center“ top_padding=“30″ text_color=“dark“ text_align=“left“ row_border_radius=“none“ row_border_radius_applies=“bg“ row_position_desktop=“default“ row_position_tablet=“inherit“ row_position_phone=“inherit“ overflow=“visible“ overlay_strength=“0.3″ gradient_direction=“left_to_right“ shape_divider_position=“bottom“ bg_image_animation=“none“ shape_type=““][vc_column column_padding=“no-extra-padding“ column_padding_tablet=“inherit“ column_padding_phone=“inherit“ column_padding_position=“all“ flex_gap_desktop=“10px“ column_element_direction_desktop=“default“ column_element_spacing=“default“ desktop_text_alignment=“default“ tablet_text_alignment=“default“ phone_text_alignment=“default“ background_color_opacity=“1″ background_hover_color_opacity=“1″ column_backdrop_filter=“none“ column_shadow=“none“ column_border_radius=“none“ column_link_target=“_self“ column_position=“default“ gradient_direction=“left_to_right“ overlay_strength=“0.3″ width=“1\/1″ tablet_width_inherit=“default“ animation_type=“default“ bg_image_animation=“none“ border_type=“simple“ column_border_width=“none“ column_border_style=“solid“][vc_column_text]Limes Security bewertet regelm\u00e4\u00dfig OT-Umgebungen in kritischen Infrastrukturen und Produktionsumgebungen. Bei diesen Assessments kommen unsere Mitarbeiter regelm\u00e4\u00dfig mit allen Arten von IT\/OT-Komponenten in Ber\u00fchrung und decken standortspezifische Probleme, aber manchmal auch Schwachstellen in Komponenten auf. K\u00fcrzlich fand unsere R&D-Einheit Alpha Strike Labs<\/a> eine Schwachstelle in einem OT Security-Produkt, der Secure Remote Access (SRA) Software von Claroty. Dieser Schwachstelle wurde CVE-2021-32958 zugewiesen.[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=“in_container“ full_screen_row_position=“middle“ column_margin=“default“ column_direction=“default“ column_direction_tablet=“default“ column_direction_phone=“default“ scene_position=“center“ text_color=“dark“ text_align=“left“ row_border_radius=“none“ row_border_radius_applies=“bg“ row_position_desktop=“default“ row_position_tablet=“inherit“ row_position_phone=“inherit“ overflow=“visible“ overlay_strength=“0.3″ gradient_direction=“left_to_right“ shape_divider_position=“bottom“ bg_image_animation=“none“][vc_column column_padding=“no-extra-padding“ column_padding_tablet=“inherit“ column_padding_phone=“inherit“ column_padding_position=“all“ flex_gap_desktop=“10px“ column_element_direction_desktop=“default“ column_element_spacing=“default“ desktop_text_alignment=“default“ tablet_text_alignment=“default“ phone_text_alignment=“default“ background_color_opacity=“1″ background_hover_color_opacity=“1″ column_backdrop_filter=“none“ column_shadow=“none“ column_border_radius=“none“ column_link_target=“_self“ column_position=“default“ gradient_direction=“left_to_right“ overlay_strength=“0.3″ width=“1\/1″ tablet_width_inherit=“default“ animation_type=“default“ bg_image_animation=“none“ border_type=“simple“ column_border_width=“none“ column_border_style=“solid“][image_with_animation image_url=“3239″ image_size=“full“ max_width=“100%“ max_width_mobile=“default“ animation_type=“entrance“ animation=“None“ animation_movement_type=“transform_y“ hover_animation=“none“ alignment=““ border_radius=“none“ box_shadow=“none“ image_loading=“default“][\/vc_column][\/vc_row][vc_row type=“in_container“ full_screen_row_position=“middle“ column_margin=“default“ column_direction=“default“ column_direction_tablet=“default“ column_direction_phone=“default“ scene_position=“center“ top_padding=“30″ constrain_group_1=“yes“ bottom_padding=“30″ text_color=“dark“ text_align=“left“ row_border_radius=“none“ row_border_radius_applies=“bg“ row_position_desktop=“default“ row_position_tablet=“inherit“ row_position_phone=“inherit“ overflow=“visible“ overlay_strength=“0.3″ gradient_direction=“left_to_right“ shape_divider_position=“bottom“ bg_image_animation=“none“ shape_type=““][vc_column column_padding=“no-extra-padding“ column_padding_tablet=“inherit“ column_padding_phone=“inherit“ column_padding_position=“all“ flex_gap_desktop=“10px“ column_element_direction_desktop=“default“ column_element_spacing=“default“ desktop_text_alignment=“default“ tablet_text_alignment=“default“ phone_text_alignment=“default“ background_color_opacity=“1″ background_hover_color_opacity=“1″ column_backdrop_filter=“none“ column_shadow=“none“ column_border_radius=“none“ column_link_target=“_self“ column_position=“default“ gradient_direction=“left_to_right“ overlay_strength=“0.3″ width=“1\/1″ tablet_width_inherit=“default“ animation_type=“default“ bg_image_animation=“none“ border_type=“simple“ column_border_width=“none“ column_border_style=“solid“][vc_column_text css=““ text_direction=“default“]Claroty ist ein f\u00fchrender OT-Security-L\u00f6sungsanbieter. SRA ist die L\u00f6sung von Claroty f\u00fcr sichere Remote-Konnektivit\u00e4t in industrielle Netzwerke. Die identifizierte Schwachstelle wird als MEDIUM (CVSS 5.5) eingestuft und erm\u00f6glicht es einem Angreifer mit lokalem (Linux-)Systemzugang, die Zugriffskontrollen f\u00fcr die zentrale Konfigurationsdatei der SRA Site Software zu umgehen. Das Ergebnis ist der Zugriff auf einen geheimen Schl\u00fcssel, um g\u00fcltige Session-Tokens zu generieren. Dies kompromittiert die Installation, da die von Claroty SRA verwalteten Assets offengelegt werden. Weitere Informationen finden Sie in unserem Advisory<\/a> und dem offiziellen Advisory der ICS Cert (ICSA-21-180-06).[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=“in_container“ full_screen_row_position=“middle“ column_margin=“default“ column_direction=“default“ column_direction_tablet=“default“ column_direction_phone=“default“ scene_position=“center“ text_color=“dark“ text_align=“left“ row_border_radius=“none“ row_border_radius_applies=“bg“ row_position_desktop=“default“ row_position_tablet=“inherit“ row_position_phone=“inherit“ overflow=“visible“ overlay_strength=“0.3″ gradient_direction=“left_to_right“ shape_divider_position=“bottom“ bg_image_animation=“none“ shape_type=““][vc_column column_padding=“no-extra-padding“ column_padding_tablet=“inherit“ column_padding_phone=“inherit“ column_padding_position=“all“ flex_gap_desktop=“10px“ column_element_direction_desktop=“default“ column_element_spacing=“default“ desktop_text_alignment=“default“ tablet_text_alignment=“default“ phone_text_alignment=“default“ background_color_opacity=“1″ background_hover_color_opacity=“1″ column_backdrop_filter=“none“ column_shadow=“none“ column_border_radius=“none“ column_link_target=“_self“ column_position=“default“ gradient_direction=“left_to_right“ overlay_strength=“0.3″ width=“1\/1″ tablet_width_inherit=“default“ animation_type=“default“ bg_image_animation=“none“ border_type=“simple“ column_border_width=“none“ column_border_style=“solid“][vc_column_text]Alpha Strike Labs meldete die Schwachstelle an den Hersteller, der diese best\u00e4tigte und an einer Mitigation arbeitete. Beide Unternehmen koordinierten eine aufeinander abgestimmte Vulnerability Disclosure. Da Claroty SRA den sicheren Remote-Zugang zu kritischen Infrastrukturen und industriellen Netzwerken weltweit verwaltet, empfiehlt Alpha Strike Labs, die Abhilfema\u00dfnahmen des Herstellers rechtzeitig zu befolgen.[\/vc_column_text][divider line_type=“No Line“ custom_height=“10px“][\/vc_column][\/vc_row]\n","protected":false},"excerpt":{"rendered":"

[vc_row type=“in_container“ full_screen_row_position=“middle“ column_margin=“default“ column_direction=“default“ column_direction_tablet=“default“ column_direction_phone=“default“ scene_position=“center“ top_padding=“30″ text_color=“dark“ text_align=“left“ row_border_radius=“none“ row_border_radius_applies=“bg“ row_position_desktop=“default“ row_position_tablet=“inherit“ row_position_phone=“inherit“ overflow=“visible“ overlay_strength=“0.3″ gradient_direction=“left_to_right“ shape_divider_position=“bottom“ bg_image_animation=“none“ shape_type=““][vc_column column_padding=“no-extra-padding“ column_padding_tablet=“inherit“ column_padding_phone=“inherit“ column_padding_position=“all“ flex_gap_desktop=“10px“ column_element_direction_desktop=“default“ column_element_spacing=“default“ desktop_text_alignment=“default“…<\/p>\n","protected":false},"author":5,"featured_media":11497,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[281],"tags":[],"class_list":{"0":"post-11496","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-advisories"},"_links":{"self":[{"href":"https:\/\/limessecurity.com\/de\/wp-json\/wp\/v2\/posts\/11496","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/limessecurity.com\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/limessecurity.com\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/limessecurity.com\/de\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/limessecurity.com\/de\/wp-json\/wp\/v2\/comments?post=11496"}],"version-history":[{"count":1,"href":"https:\/\/limessecurity.com\/de\/wp-json\/wp\/v2\/posts\/11496\/revisions"}],"predecessor-version":[{"id":16866,"href":"https:\/\/limessecurity.com\/de\/wp-json\/wp\/v2\/posts\/11496\/revisions\/16866"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/limessecurity.com\/de\/wp-json\/wp\/v2\/media\/11497"}],"wp:attachment":[{"href":"https:\/\/limessecurity.com\/de\/wp-json\/wp\/v2\/media?parent=11496"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/limessecurity.com\/de\/wp-json\/wp\/v2\/categories?post=11496"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/limessecurity.com\/de\/wp-json\/wp\/v2\/tags?post=11496"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}