Add firewall. Whitelist owner IP address(es), or better, only allow connections secured by a VPN. Problem solved.
Having an unpatched web server accepting traffic from everywhere is bad karma, regardless of the underlying OS. I mean, a web server that's a control system that really only exists so a small subset of people can access it, really doesn't need to be open to the whole world. That's just lazy and asking for trouble.