Unicorn-Hyh

**Name of the Vulnerable Software and Affected Versions** OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) **Description** A path injection issue exists in the binary program compiled from `glue generator.cpp`. The software fails to validate file path parameters passed via the command line, specifically the `varName` and `varType` parameters. These user-controlled inputs are passed directly to file operation functions such as `fopen()`, `ifstream`, and `ofstream`, allowing a remote attacker to read and write arbitrary files by constructing malicious paths. **Recommendations** For version 2c82b0e79c53f8c1f1458eee15fec173400d6e1a, restrict access to the binary compiled from `glue generator.cpp` to prevent unauthorized command-line input. At the moment, there is no information about a newer version that contains a fix for this vulnerability.