Vulnerable industrial controls directly connected to Internet? Why not?

You might not think that factory industrial controls would be directly accessible from the Internet. But a quick survey of devices open on the network port mentioned in the advisory (TCP port 102) using the Shodan search engine revealed over 1,000 Siemens devices directly accessible on the Internet (plus a certain number of honeypots set up to detect attacks).

Ironically, the credential-stealing vulnerability may not even be an issue in some cases, because a substantial number of the devices surveyed in the Shodan search had no authentication configured at all.