Your IPMI setup does not need to be public-facing to be affected. Think of SQL Slammer and similar worms back in the day (yes, I am old..ish); those systems were not publicly accessible (well, some were, there is always that outlier crowd of stupid people who put everything on the internet....).
More than likely, the targets are people who open attachments, or download random crap from places they shouldn't on their work systems, at which point they are inside the network and all is lost in a poorly segmented network.
I am an IT Security Specialist, I do pentesting and audits.. you would be surprised by how many systems I have seen on random regular non-ACL'd or non-firewalled networks... on top of that.. on at least 2 occasions in the last 10 years (which is 2 too many), I found switches bridging secure and unsecure networks with default cisco/cisco authentication because the contractor was lazy and did not want to walk the 5 min between datacenter zones.
Then there are major entities whose entire security infrastructure and much of their network infrastructure is on generic LANs accessible by all.
On the bright side.. as long as people make malware.. I'll be comfortably employed.