Hacker News

Almost every power plant is effectively internet connected even if it has old control equipment that predates IP, as the vast majority of SCADA systems have IP-connected HMIs or other core components.

There may be steps involved in getting your RDP exploit to send commands over vendor-proprietary RS-485 protocols, except for certain nuclear plants that are truly air gapped, but it's fewer than you'd sleep soundly knowing about.

I once had a network admin at a major US transmission utility tell me with a straight face that all of their SCADA was pure serial as I was telnetting into the Zhone mux doing those serial channels via a WiFi connection.




In the 1990s, when I worked with process control systems, primarily DCS, for petrochemicals, beverages, and other chemical plants, we had phone modems connected to our systems. The only precaution was that the modems were not connected to the phone port unless someone needed remote access, and they were disconnected after use.

Actually, we used to computer-simulate operations of the facility to test our DCS systems against.


I was once talking to an industrial automation engineer at a huge and strategically relevant US industrial group (they made aluminum parts or something, and their direct customers included aircraft manufacturers and military) and he was proudly telling me how they patched Raspberry Pis into their industrial control systems so they could administer things remotely. It wasn't super confidence-inspiring.


Yeah, having actually worked with PLCs in industrial control systems... the security is, ahem, lacking for the most part. Not that my work was with high-security process control, but I'd say it's fundamentally lacking for the most part, as the state of the art is not that great.



