SIEMENS has alerted customers that patch files for its Desigo CC building management system are being incorrectly flagged as malware by various antivirus engines. The patches for Desigo CC versions 7 to 9 include a PowerShell script, which Siemens suspects is causing the false-positive detections due to file operations deemed suspicious by security engines. Despite the script remaining unchanged for months, it has only recently been identified as malicious.
Siemens confirmed no differences or malicious modifications were found in the files and noted all digital signatures are valid. This is not the first instance of Siemens facing issues with third-party cybersecurity solutions.