Contract
It's a tough one, though, isn't it? There's a bit of a difference between finding out that the kit has a port open and discovering that the CPU at the centre of the kit is vulnerable because of fundamental architecture design. Creating and pricing a contract between developer, vendor and customer to cover that range of installed performance would be tough. You can use words like "foreseeable" and "fit for purpose" but someone has to be paid to carry the risk - either in up front costs or lease/support fees.
Air gapping looks (to me - but it's not my field) like the best tech option, but at the cost of losing the diagnostic and analysis benefits that connectivity probably brings.