Submit #157: Claroty SRA <2.0.1 - unauthenticated port scaninfo
Title
Claroty SRA <2.0.1 - unauthenticated port scan
Description
Claroty Secure Remote Access (SRA) is used to manage access to OT/ICS networks. In SRA version < 2.0.1 it is possible for an unauthenticated remote attacker to perform port scans of the internal OT/ICS network using the /server_statuses function.
In order to take advantage of this vulnerability an attacker must know the site_name by default this is 'central' for the DMZ and 'Central' for the OT network.
Example:
‘/servers_statuses?ip=10.10.10.10&port=445&protocol=tcp&site_name=Central’