ICS Advisory (ICSA-11-018-01)

AGG SCADA Viewer OPC Buffer Overflow Vulnerability

Click to Tweet.
Click to send to Facebook.
Click to Share.

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.



The ICS-CERT has received a report from independent security researcher Steven James that a stack-based buffer overflow exists in the AGG Software OPC SCADA Viewer software. The vulnerability could allow arbitrary code execution. ICS-CERT has coordinated with AGG Software, which has developed a patch to address this vulnerability. The researcher has also verified that the patch resolves the issue.

Affected Products

This vulnerability affects all OPC SCADA Viewer versions prior to Version 1.5.2 (Build 110).


A successful exploit of this vulnerability could lead to arbitrary code execution. The exact impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their environment, architecture, and product implementation.


AGG Software is a North American company that produces data acquisition, data logging, and monitoring software for hardware interfaces. OPC SCADA Viewer is a tool that displays data received through the OPC interface.

Vulnerability Characterization

Vulnerability Overview

OPC SCADA Viewer is vulnerable to a stack-based buffer overflow. An attacker can craft a special configuration file that can allow arbitrary code execution when parsed by OPC SCADA Viewer.


This vulnerability is exploitable from the local machine.

Existence of Exploit

No publicly available exploit is known to exist.


A moderate level of skill is needed to exploit this vulnerability.


ICS-CERT recommends that users of OPC SCADA Viewer take the following mitigation steps:

  • Update OPC SCADA Viewer to the latest version (1.5.2 (Build 110)) or install Update Version 1.5.2 build 110 to patch releases since Version 1.5.0. The latest version and update can be found on AGG’s OPC SCADA Viewer download page.
  • Do not open configuration files from an untrusted source.

Organizations should follow their established internal procedures if any suspected malicious activity is observed and report their findings to ICS-CERT for tracking and correlation against other incidents. ICS-CERT reminds organizations that proper impact analysis and risk assessment should be performed prior to taking defensive measures.

The Control System Security Program also provides a recommended practices section for control systems on the US-CERT website. Several recommended practices are available for reading or download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Contact Information

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

For industrial control systems cybersecurity information:  https://us-cert.cisa.gov/ics 
or incident reporting:  https://us-cert.cisa.gov/report

CISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

We recently updated our anonymous product survey; we'd welcome your feedback.