Threat actors may exploit a software vulnerability to take advantage of a programming error in a program, service, or within the operating system software or kernel itself to enable remote service abuse. A common goal for post-compromise exploitation of remote services is for initial access into and lateral movement throughout the ICS environment to enable access to targeted systems.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.