The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters and run operational commands when specially crafted packets are sent to the device.
PUBLISHED5.2CWE-306
Missing Authentication for Critical Function in Labkotec LID-3300IP
Problem type
Affected products
Labkotec
LID-3300IP
All versions - AFFECTED
LID-3300IP Type 2
< 2.20 - AFFECTED
References
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-1775Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-1775",
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"dateUpdated": "2026-03-03T21:21:09.269Z",
"dateReserved": "2026-02-02T17:02:21.300Z",
"datePublished": "2026-03-03T21:21:09.269Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert",
"dateUpdated": "2026-03-03T21:21:09.269Z"
},
"title": "Missing Authentication for Critical Function in Labkotec LID-3300IP",
"descriptions": [
{
"lang": "en",
"value": "The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters and run operational commands when specially crafted packets are sent to the device.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters and run operational commands when specially crafted packets are sent to the device.<br>"
}
]
}
],
"affected": [
{
"vendor": "Labkotec",
"product": "LID-3300IP",
"defaultStatus": "unaffected",
"versions": [
{
"version": "All versions",
"status": "affected"
}
]
},
{
"vendor": "Labkotec",
"product": "LID-3300IP Type 2",
"defaultStatus": "unaffected",
"versions": [
{
"version": "0",
"status": "affected",
"versionType": "custom",
"lessThan": "2.20"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-306 Missing Authentication for Critical Function",
"cweId": "CWE-306",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-062-05",
"tags": [
"government-resource"
]
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"solutions": [
{
"lang": "en",
"value": "Labkotec reports that it is not possible to implement secure and encrypted network traffic on the LID-3300IP. For this reason, Labkotec recommends updating ice detectors to the LID-3300IP Type 2 model and installing the latest firmware version V2.40. It is also highly recommended to activate HTTPS for network traffic. The device type and software version can be verified in the web interface.\n\nDevices not connected to an Ethernet network are not susceptible to this attack. Ice detectors operating on secure internal networks that adhere to modern security standards, where only authorized devices and users have access, are protected against external threats.\n\nLabkotec recommends implementing the following additional security controls:\n* Do not connect the device to the public Internet\n* Follow good security practices\n* Change Default Credentials\n* Enable Secure Management Access\n* Network Segmentation\n* Implement Firewall and Access Controls\n* Restrict Protocols\n* Monitor and Alert\n* Avoid Direct Internet Exposure\n* Keep Firmware Updated\n* Control Physical Access\n* Maintain Inventory and Access Reviews\n\nUsers can find more information in Labkotec's security advisory ( https://labkotec.fi/wp-content/uploads/CA-000001-Cybersecurity-Advisory.pdf) .",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "Labkotec reports that it is not possible to implement secure and encrypted network traffic on the LID-3300IP. For this reason, Labkotec recommends updating ice detectors to the LID-3300IP Type 2 model and installing the latest firmware version V2.40. It is also highly recommended to activate HTTPS for network traffic. The device type and software version can be verified in the web interface.<br><br>Devices not connected to an Ethernet network are not susceptible to this attack. Ice detectors operating on secure internal networks that adhere to modern security standards, where only authorized devices and users have access, are protected against external threats.<br><br>Labkotec recommends implementing the following additional security controls:<br>* Do not connect the device to the public Internet<br>* Follow good security practices<br>* Change Default Credentials<br>* Enable Secure Management Access<br>* Network Segmentation<br>* Implement Firewall and Access Controls<br>* Restrict Protocols<br>* Monitor and Alert<br>* Avoid Direct Internet Exposure<br>* Keep Firmware Updated<br>* Control Physical Access<br>* Maintain Inventory and Access Reviews<br><br>Users can find more information in Labkotec's security advisory (<a target=\"_blank\" rel=\"nofollow\" href=\"https://labkotec.fi/wp-content/uploads/CA-000001-Cybersecurity-Advisory.pdf)\">https://labkotec.fi/wp-content/uploads/CA-000001-Cybersecurity-Advisory.pdf)</a>.\n\n<br>"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Souvik Kandar",
"type": "reporter"
}
]
}
}
}