It's your call to make. If your system doesn't have some sort of 'security' risk to it, then all the reasons you have to upgrade are purely internal cost-benefit analysis.
Code is a tool, treat it like any other. Just be aware of possible accumulating deferred costs. I don't know exactly what field your in, but just imagine any other piece of equipment or component going EOL, and the manufacturer only providing semi-drop in replacements. Or even if they are advertised as "drop in", you know that half the time they aren't, and something derpy happens on integration.
The system is not firewalled from the internet. There are tools that need internet based licenses. There are organization firewalls, but there is always a risk involved with having unpatched platforms. I have to weigh that risk against the cost of porting. Both are difficult to gauge.
Code is a tool, treat it like any other. Just be aware of possible accumulating deferred costs. I don't know exactly what field your in, but just imagine any other piece of equipment or component going EOL, and the manufacturer only providing semi-drop in replacements. Or even if they are advertised as "drop in", you know that half the time they aren't, and something derpy happens on integration.