According to analysis by firmware security firm Eclypsium, 7,799 HPE iLO (HPE's Integrated Lights-Out) server baseboard management controllers (BMCs) are exposed to the internet and most do not appear to be running the latest version of the firmware. But the problem doesn't stop there.
Supermicro have some of the worst. Even if you did properly secure it with a password the implementation is so buggy it’s likely fully of exploits anyway.