CVE-2024-37741

🔶 medium

🔍 Scan for this CVE

OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture.

CVSS Score

5.4

Medium

EPSS Score

0.4

Exploit Probability

Published Date

2024-06-28

First Seen: 2026-01-05

This CVE is Lower Risk - more severe than 22.8% of all 328,009 vulnerabilities in our database.

#253,218

Below average severity

Severity Percentile

🔍 Exploitation Status

Poc

Proof-of-concept available

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Partial

Limited system impact

SSVC data provided by CISA

Last Modified 2024-11-21

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE IDs (Weakness Types)

CWE-79

📦 Affected Products 1

Vendor	Product	Status	Affected Versions
openplcproject	openplc_v3_firmware	Affected	v-

Exploit

Product

Exploit Issue Tracking

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-31156	🔶 medium	6.5	0.0	A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program com...	2026-05-13
CVE-2024-34026	⛔ critical	9.0	6.6	A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v...	2024-09-18
CVE-2024-36980	⚠️ high	7.5	0.4	An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4...	2024-09-18
CVE-2024-36981	⚠️ high	7.5	0.2	An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4...	2024-09-18
CVE-2024-39589	⚠️ high	7.5	0.2	Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of Op...	2024-09-18
CVE-2024-39590	⚠️ high	7.5	0.2	Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of Op...	2024-09-18

These CVEs affect the same products