Playing devil's advocate: As the title says, the vendor included backdoors in the application. I'm not sure I can trust them and their clearly irresponsible development practices to patiently wait for them to handle this on their own.
Almost all PLCs have back doors. Just because it uses Ethernet doesn't mean it does anything fancy. Almost all the PLCs I am aware of simply wrap existing RS 232 protocols over IP from the 80s and even earlier. Most of the plants actually seem to want these back doors, because downtime at a production facility is incredibly expensive.
PLCs are not designed to externally accessible, ever. The back doors are completely irrelevant anyway given that the PLC will accept any packet from anywhere, and perform the operation. The RS-232 commands are functions such as "enable bit", "disable bit", "set value", "read value", for actuating inputs and outputs.