Attackers can take complete control of a system by passing crafted input to susceptible .NET methods that fail to validate input correctly.
For air-gapped or frozen systems:
Older versions of .NET 4.0 are susceptible to high-impact exploits that can lead to full system compromise: CLR 4.0.30319 vulnerabilities - asp.net - Stack Overflow microsoft net framework 4.0 v 30319 vulnerabilities
Many legacy .NET 4.0 apps were never reconfigured to use AES instead of 3DES, and error messages were not suppressed. Attackers can take complete control of a system