Dale Peterson and I demonstrate how using commonly available tools an attacker can learn how firmware is loaded into two different Programmable Logic Controller (PLC) Ethernet cards, write his own malicious firmware, and load that malicious firmware into the field device Ethernet cards.