OT-ENG-WORKSTATIONLateral Movement

Engineering Workstation Pivot

Compromise the engineering laptop (TIA Portal / Studio 5000) — push arbitrary logic to PLCs through legitimate channels.

§ Where this technique fits

OT-ENG-WORKSTATION is catalogued under the Lateral Movement tactic of the offensive-security kill-chain. It appears in 2 approved dossiers in the registry, typically at step 2.5 on average.

§ Dossiers chaining this technique

TRITON-class SIS reprogram → disable safety shutdown
After OT-network foothold, reach a Triconex Safety Instrumented System. Download attacker logic that suppresses safety trips on a process that's about to be pushed past its safe envelope.
step 2 / 5
Engineering workstation → push payload to PLC
Compromise the OT engineer's laptop (corporate-network adjacent, jumphost-reachable). Use legit engineering tools (TIA Portal / Studio 5000) to download attacker ladder logic to the PLC.
step 3 / 6

§ What commonly comes next

01
Siemens S7 Protocol Abuse
OT-S7-SIEMENS · Impact
seen 1×
02
Triconex / TRITON SIS Reprogram
ICS-TRITON-SIS · Impact
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

TRITON-class SIS reprogram → disable safety shutdown

Engineering workstation → push payload to PLC

§ What commonly comes next