Someone on the (empty just now) chat had commented on Liebert UPS' for cameras. Liebert, as of 2014, still shipped Telnet enabled on their control units. And they use BACNET. English translation: they're not secure, they could be potentially attacked through the network.
FYI UPS can kill you. Under certain conditions you can fake a UPS power-loss notice to your VMS or your Disk array and tell it to shut down. Also, it's another embedded box built by a vendor likely not thinking about network security who added a cheesy circuit board with an ethernet interface so those darn datacenter customers would think it's monitorable. And there's the story (from LAST CENTURY - 1999) where the network auditor "broke in" to a data center by using telnet to access the HVAC unit for the NOC and raising the temperature until they drove the operators out of the building.
I'm also reminded of this by the Minuteman UPS advert I just received for a product called "Entrust". You can tell their engineering team has never seen a digital certificate when they use a CA name for a product name. Yes, it relates, because all your network gear should have "non-person entity" cerficates so the UPS engineers most definitely need to be taught how to spell complex words like TLS and SNMP.