SAP and OPC are full of security holes. Who would have guessed?
I can't offer advice about SAP, but on the PLC/RTU/meter side the biggest problem is the huge dog's breakfast of proprietary protocols, which OPC tries to paper over.
Someone (Tofino) does a firewall appliance for Modbus/TCP which can let you control which registers and commands you want to allow through. Stick it in your control panel next to the PLC, configure it, and you're done. Someone did an open source Modbus/TCP firewall which I think is based on the standard Linux packet filtering (I think Tofino just packages that up and adds a front end). That pretty much deals with the issue of accessing arbitrary memory addresses.
That is only for Modbus/TCP though, as it's an open protocol. You're pretty much screwed so far as the proprietary protocols are concerned, since the industrial control vendors have no clue about security, and third parties can't come and play in their proprietary protocol playpens since the proprietary aspect is there for vendor lock-in and no other reason.
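The register and command filtering described above, as an added example that is not part of the original comment and is not taken from Tofino or any open source project: a per-frame allowlist check on Modbus/TCP requests. The policy table, `check_request` and `build` are hypothetical names, and the sample frames are constructed.

```python
import struct

# Function codes whose request carries a start address and a quantity.
RANGE_FUNCS = {1, 2, 3, 4, 15, 16}
# Function codes that address exactly one coil or register.
SINGLE_FUNCS = {5, 6}

# Hypothetical policy: function code -> inclusive (first, last) address ranges.
POLICY = {
    3: [(0, 99)],    # read holding registers 0-99
    4: [(0, 49)],    # read input registers 0-49
    6: [(10, 19)],   # write single register, setpoints only
}

def check_request(frame: bytes, policy=POLICY):
    """Return (allowed, reason) for one Modbus/TCP request frame."""
    if len(frame) < 8:
        return False, "short frame"
    # MBAP header: transaction id, protocol id, length, unit id.
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        return False, "protocol id is not Modbus"
    # Length counts the unit id plus the PDU; reject padded or truncated frames.
    if length != len(frame) - 6:
        return False, "MBAP length mismatch"
    func = frame[7]
    if func not in policy:
        return False, f"function {func} not allowed"
    # Fail closed on any function this filter cannot parse an address from.
    if func not in RANGE_FUNCS | SINGLE_FUNCS:
        return False, f"function {func} has no address parser"
    if len(frame) < 12:
        return False, "truncated PDU"
    addr, second = struct.unpack(">HH", frame[8:12])
    count = second if func in RANGE_FUNCS else 1
    if count < 1:
        return False, "zero quantity"
    last = addr + count - 1
    if any(lo <= addr and last <= hi for lo, hi in policy[func]):
        return True, "ok"
    return False, f"addresses {addr}-{last} outside allowed ranges"

def build(func, addr, value, tid=1, unit=1):
    """Build a constructed sample request for function codes 1-6."""
    pdu = struct.pack(">BHH", func, addr, value)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu
```

The check is default-deny: a function code missing from the policy is dropped before its address fields are even read.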