wireshark?
If this is as bad as it sounds, then wireshark on the network for 15 minutes should have found this. Given the bad stuff that can happen if these systems are hacked (see Iran) this is poor.
Do Schneider not have someone with security in their QA department?
Do the companies purchasing this gear not have a security person in their IT department?