Weak identities, vulnerable code and insecure remote connection allowed hackers to take control of the facility.