{"id":229967,"date":"2026-06-11T07:40:00","date_gmt":"2026-06-11T11:40:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/11\/siemens-says-desigo-cc-files-flagged-as-malware-by-security-engines\/"},"modified":"2026-06-11T09:40:11","modified_gmt":"2026-06-11T13:40:11","slug":"siemens-says-desigo-cc-files-flagged-as-malware-by-security-engines","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/11\/siemens-says-desigo-cc-files-flagged-as-malware-by-security-engines\/","title":{"rendered":"Siemens Says Desigo CC Files Flagged as Malware by Security Engines"},"content":{"rendered":"<p><a href=\"https:\/\/www.securityweek.com\/siemens-says-desigo-cc-files-flagged-as-malware-by-security-engines\/\">Siemens Says Desigo CC Files Flagged as Malware by Security Engines<\/a><\/p>\n<p><a href=\"https:\/\/www.securityweek.com\/siemens-says-desigo-cc-files-flagged-as-malware-by-security-engines\/\">https:\/\/www.securityweek.com\/siemens-says-desigo-cc-files-flagged-as-malware-by-security-engines\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-11 07:40:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.securityweek.com\">www.securityweek.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>Siemens is informing customers that patch files for its Desigo CC building management system are erroneously being flagged as malware by multiple cybersecurity solutions.<\/p>\n<p>Desigo CC integrates HVAC, lighting, security, fire safety, power, and other building subsystems into a single open platform for centralized monitoring and control.<\/p>\n<p>The industrial giant recently learned that patch files released for Desigo CC versions 7 through 9 are being detected as malicious by various antivirus engines, as confirmed by tests on VirusTotal.<\/p>\n<p>Siemens says it\u2019s working with cybersecurity vendors to address the inaccurate file classification, but it suspects that the false-positive detections are caused by a PowerShell script compiled as an executable.<\/p>\n<p>The script is included in a \u2018patchHelper\u2019 shipped with Desigo CC patches. Siemens believes that file system operations, registry modifications, and execution with elevated privileges in the script are considered suspicious or malicious by security engines.<\/p>\n<p>Interestingly, the vendor says the script has been the same for several months, but it\u2019s only now being flagged as malicious.\u00a0<\/p>\n<p>\u201cAll relevant files were manually compared to the development repositories. No differences or malicious modifications were found. In addition, the digital signatures were verified as valid and showed no indications of manipulation,\u201d Siemens pointed out in its advisory.\u00a0Advertisement. Scroll to continue reading.<\/p>\n<p>This is not the first time Siemens has reported issues with third-party cybersecurity solutions. Last year, the company notified customers of a problem affecting Microsoft Defender Antivirus and its Simatic PCS products.<\/p>\n<p>Related: Critical HVAC and UPS Vulnerabilities Could Let Hackers Disrupt Data Centers<\/p>\n<p>Related: ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Phoenix Contact<\/p>\n<p>Related: Real-World ICS Security Tales From the Trenches<\/p>\n<p>Related: Critical Vulnerability Exposes Industrial Robot Fleets to Hacking<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Siemens Says Desigo CC Files Flagged as Malware by Security Engines https:\/\/www.securityweek.com\/siemens-says-desigo-cc-files-flagged-as-malware-by-security-engines\/ Publish Date: 2026-06-11&#8230;<\/p>\n","protected":false},"author":1,"featured_media":229969,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.securityweek.com\/wp-content\/uploads\/2024\/04\/Siemens.jpeg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,32,27],"class_list":["post-229967","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-malware","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/229967"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=229967"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/229967\/revisions"}],"predecessor-version":[{"id":229971,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/229967\/revisions\/229971"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/229969"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=229967"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=229967"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=229967"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}