Perhaps I misunderstood, but I thought the OP was talking about a home network with a few machines at most?
What is appropriate advice for one circumstance may not be for another.
If none of the network machines can access the plasma PC (i.e. we are only enabling the plasma PC to reach out to a shared folder on one other machine), then the main risk comes down to the user on that machine running an infected binary that they have placed into the shared folder on the "gateway" machine.
If the only thing you copy from the LAN machine are gcode files for the plasma cutter, then I can't see much risk.
If one wants to patch the plasma machine, then doing that offline using WSUS[1] update would seem like a more sensible option. There is certainly no need to allow windows update lose on it.
(Perhaps less so with a plasma table, but keep in mind that CNC setups may take tens of hours per run, and the last thing you need is a windows or virus scan update messing with it half way through a job)
[1]