The remote host has the almaxcx.dll ActiveX control that is affected by an arbitrary file overwrite vulnerability that can be triggered by providing an absolute path when calling the controlβs Save() method in a specially crafted HTML document.
Binary data scada_siemens_alm_almaxcx_activex.nbin