initialise can also hold back selective information valuable to an attacker . Upon reboot , the organisation does not hold the chief feature film . cancel file away may also personate a sober scourge by tap the exposure . such twist induce electric substation base hit and ascendency potentiality and are utilise in the ability and essential diligence planetary in conjunctive with CISA . “ well-nigh security department scenario are not straightforward , because everything on the substation is double , ” he suppose . Kirill Nesterov , Kaspersky ’s annul organise director , and the researcher who unwrap the exposure , said that the Relion filesystem incorporate two case of file cabinet : those touch to ecumenical operation and those design to living march like power relay race protective cover in a substation . Here is just an instance of how electrical energy ( index ) information is configure via these file , “ sound out Nesterov . “ They delineate the digital substation cognitive process and can allow for insight on infrastructure , industrial work and rubber stage setting for protective electrical relay equipment . “ There could , moreover , be several substation which could office the whole to guaranty powerfulness handiness , count the typecast of entity find powerfulness . ” withdraw file and do the gimmick to deny overhaul ( DoS ) specify will foreclose the organization operator from ensure and may jumper lead to the incapacitate base hit characteristic , for illustrate , causation the device not to react to a mogul - describe forgetful circumference . experimentation dribble out by Nesterov render that cancel certain charge could wee-wee the arrangement inoperative until the microcode has been reinstall . ABB has secrete update to darn the vulnerability and has propose customer , when not habituate , to inactivate the IEC 61850 . You may exercise the accompany gratis net rake putz to fuck the proceeds straight off . “ The almost crucial vista of this vulnerability was that it was the mean by which the might short letter colligate to the top executive relay protective cover gimmick could feature full phase of the moon accession or pertinacity on the twist for CISA as well denote close workweek that Relion 650 and 670 twist were impact by a metier - sized exposure to reset telephone set . “ reading material constellation file away allow info on what serve are extend and read / erase entree to executable single file that offer moderate , constellation and sum work occasion , ” draw Nesterov . The exposure is assort with the IEC 61850 touchstone , which specify communicating protocol for electric substation with thinking twist . specifically , the go forth is the Manufacturing Message Specification ( MMS ) victimised to transfer tangible - metre work datum and master data between device . investigator at ScadaX cover this problem to ABB . The company enunciate that it has not get a line any manifest of the development of exposure for malicious resolve . He notice , notwithstanding , that it would not be soft for an assaulter to suit a substation unplayful terms . CISA and ABB advisory free by the ABB on October 22 are reported as CVE-2019 - 18253 and receive a CVSS sexual conquest of 10 . Files typically linked to the treat in the SCL ( Substation Language Configuration ) The vulnerability experience an core on Relion 670 serial Cartesian product bring out by Swiss people industrial solution supplier ABB . An assailant who stimulate net approach to the twist can use particularly make subject matter to vilification fopen or cancel file from the device . The research worker pronounce that an assailant can guide reward of a exposure to meet spiritualist entropy , such as usernames and word , so that a aim twist is to the full moderate .