Siemens Says Desigo CC Files Flagged as Malware by Security Engines

A PowerShell script included in patch files appears to be triggering false positives by multiple security engines. The post Siemens Says Desigo CC Files Flagged as Malware by Security Engines appeared first on SecurityWeek .

The article reports that Siemens Desigo CC patch files for versions 7–9 are being flagged as malware by multiple antivirus engines due to a bundled PowerShell script compiled into a patchHelper executable that performs privileged file and registry operations, triggering heuristic detections.[1][2][4] Siemens’ internal analysis and signature verification indicate these are false positives with no evidence of tampering or actual malware, and the company is working with AV vendors to correct the classifications.[1][2] From a CyberSE.AI perspective, this illustrates a broader software and AI supply chain risk: security tooling can misclassify legitimate, signed update components, disrupting patching processes and potentially leading organizations to delay critical updates. Practically, organizations should strengthen their supply chain governance (including signature verification and SBOM practices) and define policies for adjudicating AV detections on vendor-signed components, especially where similar logic (scripts, installers, or AI-related tooling) is embedded in operational or OT environments.