Comment by RetroTechie

That's for when the uC is able to execute code from RAM. Some uCs can only execute code from a separate address space (Harvard architecture), that may not even be readable (let alone writeable) by the program itself.

On such a uC the "inject random payload" option would be out. Still possible might be denial-of-service attacks, altering or exfiltrating data etc.

But most stuff online are regular von Neumann machines where -in theory- anything is possible.