@article{article_1754929, title={Firmware Analyzer of Intelligent Electronic Devices in Substations Based on Vulnerability Databases}, journal={Sakarya University Journal of Computer and Information Sciences}, volume={8}, pages={553–569}, year={2025}, DOI={10.35377/saucis...1754929}, url={https://izlik.org/JA82AT24GM}, author={Gargouri, Khouloud and İskefiyeli, Murat}, keywords={Passive Vulnerability Scanning, Configuration Analysis, Intelligent Electronic Devices, Energy System}, abstract={In recent years, with the acceleration of digitalization, Intelligent Electronic Devices (IEDs) used particularly in energy transmission and distribution infrastructures have become one of the primary targets of cyber-attacks. This has made the detection and management of vulnerabilities in IEDs more challenging. Most energy system operators rely on security advisories published by vendors to identify security vulnerabilities. This study presents an approach aimed at automating this process. Manufacturer, model, hardware, and software version information of the devices is passively obtained from SCL files compliant with the IEC 61850 standard, and this data is correlated with the NVD, CWE, and vendor security bulletins to generate a comprehensive vulnerability report. In the implementations carried out in the CENTER-SAÜ test environment, the developed system was observed to produce accurate and complete results. The reports include the identified vulnerabilities and the risk level, attack vector, affected versions, patches and recommended mitigation measures for each vulnerability.}, number={3}