In a nutshell: Multiple antivirus solutions are blocking update files for Siemens Desigo CC (versions 7–9) due to a compiled PowerShell script triggering heuristic detection mechanisms — supply chain compromise has been ruled out.
Siemens warns of false positives in update files for building management system Desigo CC (versions 7–9): multiple antivirus solutions incorrectly classify the patch files as malware. The manufacturer has already conducted a supply chain review.
Siemens’ Desigo CC building management system is used for centralized control and monitoring of building subsystems such as heating, ventilation, air conditioning, lighting, fire protection and security systems. Update files for program versions 7 through 9 are currently being incorrectly classified as malicious by multiple antivirus engines, as verified by checks on the VirusTotal analysis platform. Siemens is working with the affected security vendors to correct the faulty detection.
According to Siemens, the cause of the false alarms is an executable file named patchHelper that contains a compiled PowerShell script. This script performs file operations during installation, makes changes to the system registry and requires elevated administrator privileges. These behaviors are flagged as suspicious by heuristic detection mechanisms. The script has been delivered unchanged for several months; however, the false alarms only occurred recently.
To rule out supply chain compromise, Siemens has initiated an internal review. According to the company, all relevant files were manually compared with the development repositories without finding any discrepancies or malicious modifications. Digital signatures were verified as valid and showed no signs of tampering.
Similar compatibility issues with antivirus software are already known at Siemens. Last year, Microsoft Defender incorrectly blocked legitimate components of industrial process control systems from the Simatic PCS product line.
Source: www.it-daily.net · Published June 14, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.