Threat actors may modify the tasking of a controller to allow for the execution of their own programs. This can allow an adversary to manipulate the execution flow and behavior of a controller.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.