Re: 54 security bugs?
It was probably never designed with hardening beyond preventing employees from accidentally performing dangerous unauthorized tasks. Some control systems have so many complex interconnecting components that network isolation is a thousand times easier than hardening the software. Just managing the keystores for everything would drive you mad.
OK, buffer overflows are always bad because they can happen by accident. I'm just never surprised when there's an ACL bypass or content injection vulnerability in software that was not meant for the WAN side of the Ethernet cables.