Today I was scanning our local network for *reasons* and I noticed that the cRIO had some open open ports. So then I decided to run a vulnerability scan with nessus and it turned out to have 2!!!! high priority security vulnerabilities. The first was a FTP vulnerability to allow for un-authorized read/write access to the cRIO and the second was a vxworks vulnerability allowing for remote reading and writing of any sector of data and also remote code execution. From this, as a proof of concept, I then used Metasploit which had a BUILT-IN exploit for rebooting a VXWorks machine by the IP address alone. Not sure what SHOULD be done about this issue, I just thought I would bring it to the public's attention that it exists.
TL;DR version
cRIO Vulnerabilities = Un-Authorized FTP + Remote Code Execution
Tools = Metasploit + Nessus
5-Second Result = Reboot any robot without credentials