|Data Sources||Sequential event recorder, Controller program, Network protocol analysis, Packet capture|
|Asset||Safety Instrumented System/Protection Relay, Field Controller/RTU/PLC/IED|
Adversaries may attempt to upload a program from a PLC to gather information about an industrial process. Uploading a program may allow them to acquire and study the underlying logic. Methods of program upload include vendor software, which enables the user to upload and read a program running on a PLC. This software can be used to upload the target program to a workstation, jump box, or an interfacing device.
- Stuxnet replaces the DLL responsible for reading projects from a PLC to the step7 software. This allows Stuxnet the ability to upload a program from the PLC.1