An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded.
https://www.idec.com/home/lp/pdf/2021-12-24-PLC.pdf
https://us.idec.com/idec-us/en/USD/Software-Downloads-Automation-Organizer