In case you missed it the last time around

10 Likes

I regularly export a list out of Shodan and run it through a script to retrieve models and PLC names of the connected systems. Only 1 time have I found one of my customer's PLCs, and even then it was just a mistake someone made on one of their firewalls, and they fixed it quickly. I've also reached out to some of the ones who evidently don't understand the importance of keeping the PLC directly off the internet. I've had mixed reactions, from some being thankful and fixing it, to others being thankful and saying they're going to fix it but never do, to more extreme cases where no one responds to my emails, and the best one, one person getting mad at me for reaching out and telling me that it's just a PLC, not a server, and there's not much anyone can do to a PLC. That last one was literally a port for unloading oil from ships and pumping it into a pipeline. They closed the firewall, but I was surprised at how rude they were about it.

2 Likes