Digital Bond released a high interaction / very realistic SCADA Honeynet a few years back. Actually a better name would be a PLC Honeynet because it appeared to be a Modicon PLC. It has a points list with realistic values from an actual PLC that can be accessed via Modbus TCP. The FTP, HTTP, Telnet and SNMP interfaces are also realistic. FYI, it is still available for free download and use.
For about 18 months we had Honeynets deployed in a substation and on the Internet. While they saw a number of attacks, they all appeared automated and none were ICS related. We saw no traffic on the Modbus TCP port, and the FTP password guessing attacks never attempted the default Modicon credentials which are easily learned via search. With the advent of Shodan, it may be worthwhile hanging a couple on the Internet and seeing if anything has changed.
In a tweet, @mtoecker was asking if this could be modified to detect Beresford or Stuxnet attacks on a Siemens S7 PLC. The answer is of course yes, but how much work would be required.
If you have a spare Siemens S7 PLC, it is very simple to modify the SCADA Honeywall, a subset of the SCADA Honeynet, to support the S7. Look at the drawing at the bottom of this page, and you will see how the Honeywall can sit in front of PLC to log activity and alert on attacks. Since this is not a valid PLC in the process, any activity would be unauthorized, but not necessarily malicious.
The other approach would be to create the simulated S7 PLC to replace the simulated Modicon PLC. The amount of work is directly related to level of interaction/realism, which is directly related to how long an attacker will be fooled by the Honeynet.