Industrial Cybersecurity Firm Claroty Announced AccessDB Parser


Industrial cybersecurity company Claroty this week announced the availability of AccessDB Parser, an open source tool that allows researchers to analyze Microsoft Access database files associated with SCADA applications.

AccessDB Parser was originally developed to enhance the scanning capabilities of Application DB (AppDB) in Claroty Continuous Threat Detection (CTD), which is designed to provide a non-intrusive way to identify and manage assets in OT networks by parsing configuration files and other objects associated with industrial control systems (ICS).

AccessDB Parser is a Python library that lets users automate the process of reading and evaluating any .mdb or .accdb Access database file.

“It can be very helpful to go through a large number of files and extract the data required or to perform the necessary tests very quickly,” Uri Katz, a senior Claroty researcher who led the tool development, told.

Asked to share concrete examples of issues that can be discovered using the open source tool, Katz explained, “Project files typically contain essential details about the SCADA system, including what assets are in the network, what programs those assets operate, and some configuration data related to those assets.

“After checking and analyzing a few dozen of these project files in our laboratory, in some of the project files we had in our laboratory, we found a deviation linked to some misconfiguration. As we’ve used our Python library, finding the misconfiguration was fairly simple as we could automate the whole operation.”

Katz pointed out that each SCADA project is designed differently, with some vendors using a well-known and well-documented layout of files, while others tend to create a proprietary binary format.

“However, we have discovered that many vendors, such as Rockwell and Schneider, explicitly use the AccessDB (mdb) database format in some of their SCADA applications to store the information needed for the project file. Through having an AccessDB parser we are simply helping the group decode and extract the relevant information from those project files,” explained the researcher.

Claroty published the AccessDB Parser source code on GitHub and created a video that shows the tool in practice.
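Because vendors embed Access databases in their project files, a batch review like the one described above usually starts by locating those databases by file header rather than by extension. The following is an added example, not Claroty's code and not part of the original article; the directory layout, the `.proj` extension and the helper names are assumptions, and the sample files are constructed header-only stubs.

```python
import os
import struct

# Jet/ACE header: 00 01 00 00, a 16-byte format name, then a little-endian
# 32-bit engine version at offset 0x14.
SIGNATURE = b"\x00\x01\x00\x00"
MAGICS = {b"Standard Jet DB\x00": "mdb", b"Standard ACE DB\x00": "accdb"}
VERSIONS = {0: "Jet 3", 1: "Jet 4", 2: "Access 2007", 3: "Access 2010"}

def sniff_access_db(path):
    """Return (kind, version) when the file starts with an Access header."""
    with open(path, "rb") as fh:
        head = fh.read(0x18)
    kind = MAGICS.get(head[4:20])
    if len(head) < 0x18 or head[:4] != SIGNATURE or kind is None:
        return None
    ver = struct.unpack_from("<I", head, 0x14)[0]
    return kind, VERSIONS.get(ver, "unknown (%d)" % ver)

def find_access_dbs(root):
    """Walk a project tree and map relative path -> (kind, version)."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                found = sniff_access_db(full)
            except OSError:
                continue  # unreadable file: skip it and keep scanning
            if found:
                hits[os.path.relpath(full, root).replace(os.sep, "/")] = found
    return hits

def table_names(path):
    # Hand a confirmed database to the access_parser package (must be installed).
    from access_parser import AccessParser
    return sorted(AccessParser(path).catalog)

def build_constructed_tree(root):
    # Constructed sample input: header-only stubs, not real project files.
    def header(name, ver):
        return SIGNATURE + name + struct.pack("<I", ver) + b"\x00" * 64
    samples = {"plant/line1.mdb": header(b"Standard Jet DB\x00", 1),
               "plant/hmi.proj": header(b"Standard ACE DB\x00", 2),
               "plant/renamed.mdb": b"plain text with a misleading extension",
               "readme.txt": b"notes"}
    for rel, data in samples.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
```

Paths returned by `find_access_dbs` can be passed to `table_names` to list each database's tables before running any configuration checks.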

Jennifer Thomas