Vulnerability Assessment findings of Substation
Irfanullah Baghdadi
OT/ICS Cybersecurity Engineer | Securing Power Systems | Expert in OT Environment: Security and Operations
Frequently occurring vulnerabilities in substations are:
1. Unnoticed external connections and unauthorized access, such as clients or servers with external IP addresses connecting and configuring IEDs using a remote connection (VPN tunnel).
2. Unexpected devices in the network, including undocumented IP and MAC addresses.
3. Open/Unused Services, including:
   a. IPv6: Mostly found activated on PCs, and sometimes on IEDs.
   b. Windows file sharing activated on servers and clients.
   c. PTPv2: It was enabled by default on some industrial switches, even though it had never been used.
4. Outdated firmware with known vulnerabilities.
5. Configuration errors:
   a. Misconfigured MMS reports.
   b. Misconfigured GOOSE messages.
6. Issues with the network and its redundancy.
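
One way to check passively captured flow records for items 1 to 3 above, as an added example that is not part of the original post. The station subnet, the inventory, the flow records and the function names are constructed for illustration, and the example assumes a station that uses neither Windows file sharing nor PTPv2.

```python
import ipaddress

# Constructed values: station subnet, asset inventory and flow records.
STATION_NETS = [ipaddress.ip_network("10.10.0.0/16")]
INVENTORY = {  # documented IP -> documented MAC
    "10.10.1.10": "00:11:22:33:44:10",  # IED
    "10.10.1.20": "00:11:22:33:44:20",  # station HMI
    "10.10.1.30": "00:11:22:33:44:30",  # engineering PC
}
# Assumption: this station uses neither SMB nor PTPv2 (over UDP), as in item 3.
UNUSED_SERVICES = {("tcp", 445): "Windows file sharing",
                   ("udp", 319): "PTPv2", ("udp", 320): "PTPv2"}
FLOWS = [  # (src_mac, src_ip, dst_ip, protocol, dst_port)
    ("00:11:22:33:44:20", "10.10.1.20", "10.10.1.10", "tcp", 102),   # MMS, expected
    ("00:11:22:33:44:01", "203.0.113.7", "10.10.1.10", "tcp", 102),  # outside client
    ("de:ad:be:ef:00:01", "10.10.1.99", "10.10.1.10", "tcp", 102),   # unknown host
    ("00:11:22:33:44:99", "10.10.1.30", "10.10.1.20", "tcp", 445),   # wrong MAC, SMB
    ("00:11:22:33:44:30", "fe80::211:22ff:fe33:4430", "ff02::1:3", "udp", 5355),
    ("00:11:22:33:44:10", "10.10.1.10", "224.0.1.129", "udp", 319),  # PTPv2 event
]

def in_station(ip):
    """True if the address belongs to one of the documented station subnets."""
    return any(ip in net for net in STATION_NETS)

def assess(flows):
    """Return sorted (finding, detail) pairs for items 1-3 of the list."""
    findings = set()
    for mac, src, dst, proto, port in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s.version == 6:
            findings.add(("IPv6 active", f"{src} {mac}"))
        elif any(not (ip.is_multicast or in_station(ip)) for ip in (s, d)):
            findings.add(("external connection", f"{src} -> {dst}"))
        if src in INVENTORY and INVENTORY[src] != mac:
            findings.add(("MAC differs from inventory", f"{src} {mac}"))
        elif src not in INVENTORY and in_station(s):
            findings.add(("undocumented device", f"{src} {mac}"))
        if (proto, port) in UNUSED_SERVICES:
            findings.add((UNUSED_SERVICES[(proto, port)], f"{src} -> {dst}"))
    return sorted(findings)

if __name__ == "__main__":
    for finding, detail in assess(FLOWS):
        print(f"{finding:28} {detail}")
```

PTPv2 carried directly over Ethernet (EtherType 0x88F7) and GOOSE frames have no IP header, so they do not appear in IP flow records and need a layer-2 capture to be checked the same way.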