The OPC server in Progea Movicon before 11.3 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted HTTP request.
http://www.us-cert.gov/control_systems/pdf/ICSA-12-131-01.pdf
http://www.securityfocus.com/bid/53484