There is an undocumented backdoor available in CoDeSys software that manages equipment in power plants, military environments, and nautical ships. The tool will grant a command shell to anyone who knows the proper command syntax and inner workings, leaving systems that are connected to the public Internet open to malicious tampering and there is absolutely no authentication needed to perform this privileged command. This software has been used in industrial control systems sold by 261 different manufacturers. The bug allows malicious hackers to access sensitive systems without authorization.
Source: https://thehackernews.com/2012/10/critical-infrastructure-managing.html