ICS/OT

Siemens Says Desigo CC Files Flagged as Malware by Security Engines

A PowerShell script included in patch files appears to be triggering false positives by multiple security engines.


Siemens is informing customers that patch files for its Desigo CC building management system are erroneously being flagged as malware by multiple cybersecurity solutions.

Desigo CC integrates HVAC, lighting, security, fire safety, power, and other building subsystems into a single open platform for centralized monitoring and control.

The industrial giant recently learned that patch files released for Desigo CC versions 7 through 9 are being detected as malicious by various antivirus engines, as confirmed by tests on VirusTotal.

Siemens says it’s working with cybersecurity vendors to address the inaccurate file classification, but it suspects that the false-positive detections are caused by a PowerShell script compiled as an executable.

The script is included in a ‘patchHelper’ shipped with Desigo CC patches. Siemens believes that file system operations, registry modifications, and execution with elevated privileges in the script are considered suspicious or malicious by security engines.

Interestingly, the vendor says the script has been the same for several months, but it’s only now being flagged as malicious. 

“All relevant files were manually compared to the development repositories. No differences or malicious modifications were found. In addition, the digital signatures were verified as valid and showed no indications of manipulation,” Siemens pointed out in its advisory.
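The two checks Siemens describes, comparing files against a known-good source and verifying their digital signatures, are what an operator should repeat locally before deciding whether a flagged patch file is a false positive. The following PowerShell script is an added example, not Siemens' patchHelper or any code from the advisory; the patch directory, the expected signer name and the known-good hash table are placeholders to be filled from the vendor's own release information.

```powershell
# Added example (not Siemens' code): for every file in a patch directory,
# verify the Authenticode signature and compute a SHA-256 hash, then compare
# the hash with a known-good value supplied by the vendor. A file is only
# reported TRUSTED when the signature is valid, chains to the expected signer
# and the hash matches; anything else is flagged for review instead of being
# blindly whitelisted in the AV console.
param(
    [string]$PatchDir       = 'C:\Temp\DesigoCC-Patch',   # placeholder path
    [string]$ExpectedSigner = 'CN=PLACEHOLDER-VENDOR-CN', # placeholder subject
    # Placeholder: vendor-published SHA-256 values keyed by file name.
    [hashtable]$KnownGood   = @{ 'patchHelper.exe' = 'PLACEHOLDER-SHA256' }
)

function Test-PatchFile {
    param([System.IO.FileInfo]$File, [string]$ExpectedSigner, [hashtable]$KnownGood)

    $sig  = Get-AuthenticodeSignature -FilePath $File.FullName
    $hash = (Get-FileHash -Path $File.FullName -Algorithm SHA256).Hash

    # Signature must be Valid (not NotSigned, HashMismatch, UnknownError ...)
    # AND the leaf certificate must belong to the expected publisher.
    $signerOk = ($null -ne $sig.SignerCertificate) -and ($sig.SignerCertificate.Subject -like "*$ExpectedSigner*")
    $hashOk   = $KnownGood.ContainsKey($File.Name) -and ($KnownGood[$File.Name] -eq $hash)

    $verdict = 'REVIEW'
    if ($sig.Status -eq 'HashMismatch') { $verdict = 'TAMPERED' }   # content changed after signing
    elseif ($sig.Status -eq 'Valid' -and $signerOk -and $hashOk) { $verdict = 'TRUSTED' }

    [pscustomobject]@{
        File        = $File.Name
        Sha256      = $hash
        SigStatus   = $sig.Status
        Signer      = $sig.SignerCertificate.Subject
        Timestamped = [bool]$sig.TimeStamperCertificate   # counter-signature present?
        HashMatch   = $hashOk
        Verdict     = $verdict
    }
}

Get-ChildItem -Path $PatchDir -File -Recurse |
    ForEach-Object { Test-PatchFile -File $_ -ExpectedSigner $ExpectedSigner -KnownGood $KnownGood } |
    Sort-Object Verdict |
    Format-Table -AutoSize
```

Files reported TAMPERED or REVIEW should be treated as genuine detections until the vendor confirms otherwise; only TRUSTED files are candidates for an AV exclusion, and the exclusion should be scoped to the exact hash rather than to a path.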


This is not the first time Siemens has reported issues with third-party cybersecurity solutions. Last year, the company notified customers of a problem affecting Microsoft Defender Antivirus and its Simatic PCS products.



Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.
