OTPulse

Claroty Secure Remote Access Site

Monitor | CVSS 5.5 | ICS-CERT ICSA-21-180-06 | Jun 29, 2021
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 contain an improper access control vulnerability in the central configuration file. An attacker with local system access to the Linux host running SRA Site can bypass access controls and read the configuration file, which may contain sensitive information.

What this means
What could happen
An attacker with local access to the SRA Site server could read the central configuration file and extract sensitive information that would normally be restricted. This could expose credentials or operational settings needed to access remote systems managed through SRA.
Who's at risk
Organizations that operate Claroty Secure Remote Access Site for managing remote access to industrial control systems—particularly in utilities, manufacturing, and critical infrastructure—should assess whether they run affected versions. This is relevant to any IT or control systems team managing remote operator access or emergency response connections to SCADA systems.
How it could be exploited
An attacker must first gain local (shell) access to the Linux system hosting SRA Site—for example through a compromised admin account, weak SSH credentials, or physical access. Once local access is obtained, the attacker can bypass file permission controls to read the central configuration file containing sensitive data.
Prerequisites
  • Local access to the Linux system hosting SRA Site
  • Non-root or unprivileged user account on the same system
  • SRA Site versions 3.0 through 3.2
  • local access required to exploit
  • improper access control weakness
  • affects centralized configuration management
  • no patch available (as of advisory date)
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product: Secure Remote Access (SRA) Site
Affected Versions: ≥ 3.0 | ≤ 3.2
Fix Status: 3.2.1
Remediation & Mitigation
Do now
WORKAROUND: Restrict non-admin access to the Linux system hosting SRA Site; implement OS-level access controls so only authorized personnel can log in locally
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade Secure Remote Access Site to version 3.2.1 or later
Long-term hardening
HARDENING: Implement network-level controls to limit who can access the server (e.g., bastion host, VPN requirement for local connections)
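
An added example (not part of the advisory and not Claroty tooling) supporting the workaround above: a shell check that lists accounts able to log in interactively on the SRA Site host and flags any that are not on an approved list. The account names and the sample passwd data are constructed, and the check looks only at the login shell field.

```shell
#!/bin/sh
# Added example: flag accounts that can log in interactively but are not on
# the approved list. It inspects only the passwd(5) shell field; SSH and PAM
# restrictions are not evaluated.

# Print login names whose shell field allows an interactive session.
login_capable_accounts() {
    # $1: passwd-format file (defaults to /etc/passwd)
    awk -F: '
        /^#/ || NF < 7          { next }
        $7 == ""                { print $1; next }  # empty field means /bin/sh
        $7 ~ /(nologin|false)$/ { next }            # non-interactive shells
                                { print $1 }
    ' "${1:-/etc/passwd}"
}

# Print login-capable accounts that are missing from the approved list.
unapproved_accounts() {
    # $1: passwd-format file; remaining arguments: approved login names
    passwd_file=$1
    shift
    approved=" $* "
    login_capable_accounts "$passwd_file" | while IFS= read -r name; do
        case "$approved" in
            *" $name "*) ;;                    # approved, nothing to report
            *) printf '%s\n' "$name" ;;
        esac
    done
}

# Constructed sample data; "sraadmin" and "contractor" are hypothetical names.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sraadmin:x:1000:1000:SRA admin:/home/sraadmin:/bin/bash
contractor:x:1001:1001:Temp:/home/contractor:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/false
EOF
}

# Demo on the constructed sample: only root and sraadmin are approved.
tmp=$(mktemp)
sample_passwd > "$tmp"
unapproved_accounts "$tmp" root sraadmin
rm -f "$tmp"
```

On the host itself, call `unapproved_accounts /etc/passwd` followed by the approved login names.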