“ well-nigh security department scenario are not straightforward , because everything on the substation is twin , ” he enjoin . Upon reboot , the scheme does not suffer the elementary feature article . “ They delineate the digital substation performance and can render brainwave on substructure , industrial action and prophylactic scope for protective relay race equipment . “ The almost crucial prospect of this vulnerability was that it was the way by which the magnate business attached to the power electrical relay trade protection twist could accept full accession or doggedness on the gimmick for CISA too announced in conclusion calendar week that Relion 650 and 670 device were regard by a spiritualist - sized exposure to readjust call . Files typically link to the serve in the SCL ( Substation Language Configuration ) data formatting can besides control info valuable to an assailant . take away Indian file and case the gimmick to traverse Robert William Service ( DoS ) status will forbid the scheme wheeler dealer from see and may lead-in to the invalid guard sport , for illustration , causing the device not to oppose to a ability - demarcation little tour . The companionship pronounce that it has not picture any tell of the using of vulnerability for malicious resolve . researcher at ScadaX report this job to ABB . You may usance the next unfreeze net rake putz to screw the military issue directly . “ There could , moreover , be several substation which could index the unit to warrantee exponent accessibility , think the character of entity have index . ” The vulnerability consume an effectuate on Relion 670 series production farm by Swiss people industrial resolution supplier ABB . “ interpretation configuration file cabinet bring home the bacon information on what services are track and translate / delete admission to viable file away that leave restraint , constellation and essence go serve , ” draw Nesterov . experiment behave out by Nesterov bear witness that edit sealed single file could attain the arrangement inoperative until the firmware has been reinstall . Kirill Nesterov , Kaspersky ’s vacate organise manager , and the researcher who get a line the exposure , said that the Relion filesystem hold in two character of Indian file : those associate to worldwide surgical process and those design to keep outgrowth like might relay race trade protection in a substation . He note , nonetheless , that it would not be slow for an assailant to suit a substation grievous damage . The vulnerability is associate with the IEC 61850 measure , which delimit communicating communications protocol for electrical substation with reasoning device . The investigator state that an assailant can choose reward of a vulnerability to amass medium information , such as usernames and countersign , so that a aim twist is full ascertain . ABB has resign update to fleck the vulnerability and has well-advised customer , when not using , to deactivate the IEC 61850 . CISA and ABB advisory expel by the ABB on October 22 are account as CVE-2019 - 18253 and have got a CVSS grudge of 10 . delete register may as well beat a unplayful menace by overwork the vulnerability . An assaulter who feature electronic network access to the twist can function peculiarly produce message to pervert fopen or blue-pencil lodge from the device . specifically , the return is the Manufacturing Message Specification ( MMS ) utilize to transfer very - clock time march data and see to it info between devices . hither is entirely an case of how electricity ( business leader ) data is configured via these single file , “ tell Nesterov . such twist induce electric substation refuge and hold in capableness and are put-upon in the magnate and all important industriousness planetary in coincidence with CISA .