Re: "...recommends blocking telnet and SNMP..."
> ports/services useful in the design and test phases
Though there's not really an excuse for the config defaulting to 'open'... I can see why for the plug-and-play side they might want snmp enabled, but telnet - definitely not.
As for why telnet and not ssh, that's down to resources - a telnet service uses naff-all resources, whereas the requirements for ssh will add at least 25p to the hardware cost and there's not many manufacturers who will go for that. Plus all the patching/reflashing now that people have actually been looking at the code.
> Those engineers are pulled off
I think you might have inadvertently grasped why the technical professions appeal more to men than women, and the situation needs a firm hand to resolve etc etc, see recently-republished 'single entendre' article...