Limes Security regularly assesses OT environments in all critical infrastructure and manufacturing sectors. In these assessments, our staff regularly gets exposed to all kinds of IT/OT equipment, uncovering site-specific issues but sometimes also component vulnerabilities. Lately, our research unit Alpha Strike Labs found a vulnerability in an OT security product, the Secure Remote Access (SRA) Software of Claroty. CVE-2021-32958 has been assigned to this vulnerability.
Claroty is a leading OT Security solution vendor and SRA is Claroty’s solution for secure remote connectivity into industrial networks. The vulnerability is rated MEDIUM (CVSS 5.5) and enables an attacker with local (Linux) system access to bypass access controls for the central configuration file of the SRA Site Software. The result is access to a secret key that can be used to generate valid session tokens, which compromises the installation as it exposes the assets managed by Claroty SRA. For more information see our advisory and the official advisory at ICS-CERT (ICSA-21-180-06).
Alpha Strike Labs disclosed the vulnerability to Claroty, who confirmed it and developed a remediation. Both parties jointly worked towards a coordinated disclosure. As Claroty SRA manages secure access to critical infrastructure and industrial networks worldwide, Alpha Strike Labs recommends applying the vendor's remediation in a timely manner.