CVE-2026-1775
published 2026-03-03CVE-2026-1775: The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters and run…
PriorityP261high8.8CVSS 4.0
AVNACLATNPRNUINVCLVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.76%
50.6th percentile
The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters and run operational commands when specially crafted packets are sent to the device.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| labkotec | lid-3300ip | — | — |
| labkotec | lid-3300ip_type_2 | < 2.20 | 2.20 |
Detection & IOCsextracted from sources · hover to see the quote
- →Target device is Labkotec LID-3300IP; detect exploitation attempts by monitoring for unauthenticated packets sent to the device that alter parameters or trigger operational commands — no authentication headers/tokens will be present in the request ↗
- →Network-layer detection: flag any inbound traffic to LID-3300IP devices originating from outside the trusted internal network segment, especially over HTTP (non-HTTPS); HTTPS activation is a recommended mitigation, so plain HTTP management traffic to these devices is suspicious ↗
- →Devices directly reachable from the internet should be treated as high-priority investigation targets; internet-exposed LID-3300IP devices are prime exploitation candidates ↗
- ·All firmware versions of LID-3300IP (original model) are affected with no available patch; only the Type 2 model running firmware V2.40 is remediated ↗
- ·Devices not on any Ethernet network are not susceptible; network connectivity is a prerequisite for exploitation ↗
- ·LID-3300IP Type 2 versions below V2.20 are confirmed affected; V2.40 is the fixed version ↗
- ·No known public exploitation has been reported at time of advisory publication ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Labkotec LID-3300IP
cisa_ics·2026-03-03·CVSS 8.8
[HIGH] Labkotec LID-3300IP
ICS Advisory
##
Labkotec LID-3300IP
Release DateMarch 03, 2026
Alert CodeICSA-26-062-05
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## Summary
Successful exploitation of this vulnerability could allow attackers to gain unauthorized control over system operations, leading to disruption of normal functionality and potential safety hazards.
The following versions of Labkotec LID-3300IP are affected:
- LID-3300IP vers:all/*
- LID-3300IP Type 2
CVSS
Vendor
Equipment
Vulnerabilities
| v3 9.4
| Labkotec
| Labkotec LID-3300IP
| Missing Authentication for Critical Function
## Background
- Critical Infrastructure Sectors: Communications, Energy
- Countries/Areas Deployed: Worldwide
- Company Headquarters Loca
GHSA
GHSA-v8pw-4mpx-qwjj: The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters
ghsa_unreviewed·2026-03-04
CVE-2026-1775 [HIGH] CWE-306 GHSA-v8pw-4mpx-qwjj: The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters
The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters and run operational commands when specially crafted packets are sent to the device.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-03-03
Published