Not only is Supermicro headquartered in USA, but it's operations are in Taiwan, which they would very much like you to acknowledge is not the same as mainland China.

There's a lot of vulnerabilities, of course. Supermicro isn't great at releasing updates for old boards either.

https://www.cve.org/CVERecord/SearchResults?query=supermicro

Many vendor IPMI is so fiendishly hard to isolate from untrusted networks (or even networks in general) that it almost has to be an intentional backdoor.