The vulnerabilities aren't surprising, as a huge number of these controls are running old versions of Windows and doing things like patching and installing antivirus packages can bugger up the proprietary software that seems to be designed to be flaky on purpose to ensure lots of expensive after sales service by the manufacturer.
What surprises me is why these things are connected to the internet? I can understand having to plug them in for remote support occasionally, but they should be isolated the rest of the time. That's what we've always done...