ICSA-21-180-06  ·  Published 2021-06-29

Claroty Secure Remote Access Site

CVSS 5.5 MEDIUM

Risk Summary

Successful exploitation of this vulnerability enables an attacker with local (Linux) system access to bypass access controls for the central configuration file of the SRA Site software.

CVEs (1)

Remediations

  • Claroty recommends users upgrade their SRA installation to Version 3.2.1 (released April 27, 2021). Users unable to apply the latest patch should restrict non-admin access to the system hosting the SRA Site software as an interim mitigation.
  • Users may contact either Claroty Support or a Customer Success Manager to obtain the latest release of SRA, which includes the fix for this vulnerability.

Affected Vendors

Claroty

Affected Products (1)

Claroty · Secure Remote Access (SRA) Site: versions >= 3.0 and <= 3.2

Affected Sectors

Critical Manufacturing, Energy, Healthcare and Public Health, Water and Wastewater Systems
