No sane person would connect a piece of test equipment to a corporate network so it is a non-issue.
It can be argued how sane the people that do it are, but suffice to say people connect test equipment to corporate networks ALL THE TIME. I don't think I've ever worked somewhere that had test equipment and didn't connect at least some of it to the corporate network.
I agree. The phrase "corporate network" is misleading here. It sounds like there is one corporate subnet that is sensitive and secure and things shouldn't be connected there unless they are secured to level of PCI-DSS, HIPAA and FedRAMP.....
Corporate network is a set of many different subnets with different levels of security, connectivity etc...
Test dept might have separate little T&M network not connected to LAB1 or LAB2 T&M network. And all of that separated from SAP.. They would be separate VLAN and separated by firewalls..
So sure people would connect T&M equipment to the network where there is a workflow need for it. In those places IT will make it work instead of telling you "you cannot connect that to OUR network". It is not their network, they are just people paid to keep network running, the way business needs it..
All of that in addition to what has been said many times before: If scope is running some old OS that has known vulnerabilities, it is
not scope that is dangerous to the network, but vice versa: if network gets attacked, patched PCs will not be compromised but scope OS will.. But that is a problem only if you already have a breach or internal actor. Which means you have bigger problems.
Problem with that is that there are usually no organizational provisions to perform antimalware procedures on scopes by team that is doing that on PCs, and scope users are not it......