Abstract

Programmable Logic Controllers (PLCs) are a family of embedded devices used for physical process control. Like other embedded devices, PLCs are vulnerable to cyber attacks. Because they control the physical processes of critical infrastructures, compromised PLCs constitute a significant security and safety risk. In this research, we investigate attacks against PLCs from two different perspectives. We show how to circumvent current host-based detection mechanisms applicable to PLCs by avoiding typical function hooking or modification of kernel data structures. We then introduce a novel attack against a PLC that allows the adversary to stealthily manipulate the physical process it controls by tampering with the device I/O at a low level. The attack is feasible because the PLC's SoC provides no hardware interrupt for pin configuration changes, and it is made worse by the Pin Control subsystem's inability to detect pin configuration changes at the hardware level. Our study is meant to serve as a basis for the design of more robust detection techniques specifically tailored for PLCs.

Papers

Slides