You can’t hack if it’s not on the worldwideweb. Who the fock made it vulnerable? Stupid fools.
I’ve told that to people in companies before.
They look at me like I just stepped off a spaceship.
The control systems are complex microprocessor controls these days... remote services from the manufacturer are quite common. You can get them to log in and fix a problem within hours or minutes verses days or weeks for a field service engineer to fly in. That could be millions and millions of dollars of lost revenue.
Usually these remote access connections are "air gapped" with a switch that is normally turned off.