Security Experts:

Connect with us

Hi, what are you looking for?


Application Security

Industrial Cybersecurity Firm Claroty Releases Open Source Database Parser

Industrial cybersecurity firm Claroty this week announced the availability of AccessDB Parser, an open source tool that allows researchers to analyze Microsoft Access database files associated with SCADA applications.

Industrial cybersecurity firm Claroty this week announced the availability of AccessDB Parser, an open source tool that allows researchers to analyze Microsoft Access database files associated with SCADA applications.

AccessDB Parser was initially developed to improve the scanning capabilities of Claroty Continuous Threat Detection (CTD)’s Application DB (AppDB), which is designed to provide a non-intrusive way to identify and manage assets in OT networks by parsing configuration files and other artifacts associated with industrial control systems (ICS).

Provided as a Python library, AccessDB Parser allows users to easily automate the process of reading and analyzing any .mdb or .accdb Access database file.

“This can be very helpful to go over a large number of files and extract the needed data or perform the relevant tests very easily,” Uri Katz, a senior researcher at Claroty, who led the development of the tool, told SecurityWeek.

Asked to share specific examples of issues that can be uncovered using the open source tool, Katz explained, “Project files usually contain important information about the SCADA environment, including what assets are in the network, what programs are those assets running, and some configuration data relevant to those assets.

“After testing and processing a few dozens of such project files in our lab, we detected a deviation related to some mis-configuration in some of the project files we had in our lab. Since we used our python library, it was relatively easy to spot the mis-configuration since we could automate the entire process.”

Learn more about ICS security tools at SecurityWeek’s 2020 ICS Cyber Security Conference and SecurityWeek’s Security Summits virtual event series

Katz pointed out that every SCADA project is constructed differently, with some vendors using a well-known and well-documented file structure, while others preferring to develop a proprietary binary format structure.

“However, we discovered that many vendors such as Rockwell and Schneider, in some of their SCADA applications, are specifically using the AccessDB (mdb) database format to store the information required for the project file. By providing an AccessDB parser we are actually helping the community to parse and extract the relevant information from those project files,” the researcher explained.

Claroty has released the AccessDB Parser source code on GitHub and it has created a video showing the tool in action.

Related: Slack Releases Open Source Secure Development Lifecycle Tool

Related: Open Source Tool From FireEye Automates Analysis of Flash Files

Related: Google Releases Open Source Tool for Finding File Access Vulnerabilities

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

A new report finds that barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government.