yeah-it's been the norm for a lot of industrial machines for a while already, that the vendor can perform remote maintenance, but could also ostensibly brick them
(and so could anyone who could fake credentials)

hard to reconcile this with professed worries about cyberattacks on infrastructure, like how much easier can you make it...