ICS Advisory

AGG SCADA Viewer OPC Buffer Overflow Vulnerability

Last Revised
Alert Code
ICSA-11-018-01

Overview

The ICS-CERT has received a report from independent security researcher Steven James that a stack-based buffer overflow exists in the AGG Software OPC SCADA Viewer software. The vulnerability could allow arbitrary code execution. ICS-CERT has coordinated with AGG Software, which has developed a patch to address this vulnerability. The researcher has also verified that the patch resolves the issue.

Affected Products

This vulnerability affects all OPC SCADA Viewer versions prior to Version 1.5.2 (Build 110).

Impact

A successful exploit of this vulnerability could lead to arbitrary code execution. The exact impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their environment, architecture, and product implementation.

Background

AGG Software is a North American company that produces data acquisition, data logging, and monitoring software for hardware interfaces. OPC SCADA Viewer is a tool that displays data received through the OPC interface.

Vulnerability Characterization

Vulnerability Overview

OPC SCADA Viewer is vulnerable to a stack-based buffer overflow. An attacker can craft a special configuration file that can allow arbitrary code execution when parsed by OPC SCADA Viewer.

Exploitability

This vulnerability is exploitable from the local machine.

Existence of Exploit

No publicly available exploit is known to exist.

Difficulty

A moderate level of skill is needed to exploit this vulnerability.

Mitigation

ICS-CERT recommends that users of OPC SCADA Viewer take the following mitigation steps:

  • Update OPC SCADA Viewer to the latest version (1.5.2 (Build 110)) or install Update Version 1.5.2 build 110 to patch releases since Version 1.5.0. The latest version and update can be found on AGG’s OPC SCADA Viewer download page.
  • Do not open configuration files from an untrusted source.

Organizations should follow their established internal procedures if any suspected malicious activity is observed and report their findings to ICS-CERT for tracking and correlation against other incidents. ICS-CERT reminds organizations that proper impact analysis and risk assessment should be performed prior to taking defensive measures.

The Control System Security Program also provides a recommended practices section for control systems on the US-CERT website. Several recommended practices are available for reading or download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

This product is provided subject to this Notification and this Privacy & Use policy.

Vendor

AGG Software