Siemens is alerting customers that patch files for its Desigo CC building management system are being incorrectly flagged as malware by multiple antivirus engines. The company believes the false positives are triggered by a PowerShell script in the patch that performs file system operations, registry modifications, and runs with elevated privileges, though Siemens has verified the files are legitimate and digitally signed. This marks at least the second time Siemens has encountered issues with third-party security software incorrectly identifying its industrial control system products as threats.