It's a classic case of feature creep, in this case more specifically network attachment creep.
These devices were always designated for use in trusted environments and the vague stab at security was largely there to prevent tinkering by users that weren't privileged enough - almost to protect more from accidental changes than intentional or malicious ones.
A trusted environment in this case is where everything networked together is trusted and no non-trusted systems are connected. This works fine and has worked fine for many years, however then some numpty decides that for convenience they need to connect the trusted network or trusted systems to some other network. This isn't, like the initial comments here, directly connecting to the Internet (although some car manufacturers have genuinely been this incompetent), it's connecting to other networks, such as a more general office network. After all, the management systems, which are inevitably PCs of some flavour, are all usually networked together and the devices that they monitor and manage (through a dedicated communication protocol specifically for it such as ModBus or CANBus) are networked together therefore why not connect everything together? Well, the why not is obvious to anyone with any form of security clue however that often doesn't apply to the typical developer who when confronted with security their default response is to assign or require Administrator access to everything just in case.
Another commenter's remark about just having access to the control network is enough to disrupt things - network packets can be easily spoofed, amended or just flooded any of which are easily capable of disrupting operations and, frankly, without the detailed plans of any specific control network's design and operation the most effective way to damage things would be to flood the network and prevent monitoring messages from being processed. For example, a pressure sensor that sends values directly to a valve controller if the valve controller no longer receives the pressure readings it won't close off if the pressure gets too high - a simplistic example but that's the kind of thing that's commonly implemented.
Biting the hand that feeds IT
