The exposure have got an effect on Relion 670 series merchandise bring forth by Swiss people industrial root supplier ABB . such twist consume electrical substation safety and ascendency capableness and are expend in the powerfulness and requirement diligence oecumenical in continuative with CISA . CISA and ABB advisory expel by the ABB on October 22 are describe as CVE-2019 - 18253 and let a CVSS nock of 10 . An assaulter who accept net entree to the device can habit peculiarly produce substance to ill-usage fopen or blue-pencil file cabinet from the twist . The exposure is colligate with the IEC 61850 criterion , which determine communication protocol for electrical substation with thinking gimmick . specifically , the cut is the Manufacturing Message Specification ( MMS ) ill-used to transfer tangible - clock summons information and insure info between twist . ABB has liberate update to speckle the vulnerability and has give notice client , when not expend , to inactivate the IEC 61850 . The company tell that it has not escort any grounds of the exploitation of vulnerability for malicious intent . You may consumption the pursual loose net read creature to have intercourse the exit at once . Kirill Nesterov , Kaspersky ’s contrary orchestrate director , and the researcher who happen upon the vulnerability , read that the Relion filesystem hold back two typewrite of charge : those interrelate to ecumenical mental process and those intentional to financial backing swear out like tycoon electrical relay security in a substation . “ show conformation file away furnish information on what serving are hightail it and understand / blue-pencil access to feasible single file that furnish command , contour and heart and soul control subprogram , ” report Nesterov . The investigator tell that an assailant can accept vantage of a exposure to get together medium information , such as usernames and parole , so that a aim twist is fully manipulate . Files typically link to the swear out in the SCL ( Substation Language Configuration ) initialise can also turn back entropy worthful to an assaulter . “ They account the digital substation mental process and can provide brainstorm on substructure , industrial action and guard setting for protective electrical relay equipment . Here is but an model of how electrical energy ( baron ) information is configured via these data file , “ order Nesterov . edit single file may too personate a grave threat by work the vulnerability . slay charge and do the twist to traverse service ( DoS ) consideration will keep the system of rules manipulator from ascertain and may trail to the disenable guard have , for case , get the twist not to oppose to a index - pipeline short racing circuit . try out deport out by Nesterov express that delete certain charge could make believe the system inoperative until the firmware has been reinstall . He far-famed , notwithstanding , that it would not be prosperous for an assaulter to causal agent a substation dangerous harm . “ most protection scenario are not aboveboard , because everything on the substation is repeat , ” he allege . “ There could , what is more , be several substation which could king the whole to guaranty power availability , conceive the case of entity receive king . ” “ The almost essential scene of this vulnerability was that it was the have in mind by which the might blood line link up to the king electrical relay protective cover gimmick could rich person fully approach or persistency on the gimmick for CISA too announce close workweek that Relion 650 and 670 device were strike by a mass medium - sized exposure to reset earpiece . Upon bring up , the scheme does not receive the principal sport . researcher at ScadaX report this trouble to ABB .