Researchers occasionally find "backdoors" or buffer overflow bugs in specific firmware builds that allow memory dumps. These are usually patched quickly by vendors.
Using logic analyzers to intercept communication between the HMI and PLC during the handshake process.