Information and communication technologies (ICT) have contributed to change the way of doing things in practically all industries and markets worldwide. They make it possible to optimize processes, automate them and have a precise level of control in real time. One of the areas that has evolved and made use of these technologies is industrial control systems (ICS), specifically Supervisory Control And Data Acquisition (SCADA) systems. Using modern ICTs in turn entails embracing both their benefits and associated risks. It is important to know the vulnerabilities that affect these technologies and to analyze in detail those that could directly or indirectly affect and compromise the systems that depend on them. The objective of this systematic review is to identify, analyze and evaluate the published research on ICT vulnerabilities associated with SCADA systems, as well as the methods, methodologies, tools, among others, that can be used for their exploitation and thus to know the current scenario, allowing corrective measures to be taken.