Assuming the vulnerability scanner tries some basic login attacks (for example, trying default username/passwords), then it would be analogous to a landlord finding one of their tenants trying to pick their neighbours' locks, and that of the building management office.