PatchSiren cyber security CVE debrief
CVE-2026-1775 Labkotec CVE debrief
CISA published advisory ICSA-26-062-05 on 2026-03-03 for CVE-2026-1775 affecting Labkotec LID-3300IP ice detector software. The issue is network-reachable, requires no authentication, and can let an attacker alter device parameters and run operational commands after sending specially crafted packets. The advisory rates the flaw Critical (CVSS 9.4). Labkotec’s stated path forward is to move affected deployments to the LID-3300IP Type 2 model and install firmware V2.40, with additional network hardening and access restrictions for any remaining exposure.
- Vendor: Labkotec
- Product: LID-3300IP
- CVSS: CRITICAL 9.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-03
- Original CVE updated: 2026-03-03
- Advisory published: 2026-03-03
- Advisory updated: 2026-03-03
Who should care
OT/ICS operators using Labkotec LID-3300IP devices, facility and safety engineering teams, industrial network defenders, and administrators responsible for segmented plant or building automation networks.
Technical summary
The advisory describes an unauthenticated remote attack against Labkotec LID-3300IP ice detector software. According to the CISA CSAF, specially crafted packets can be used to alter device parameters and execute operational commands. The supplied CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H, reflecting low attack complexity, no privileges, no user interaction, and high integrity/availability impact. Labkotec also notes that the original LID-3300IP cannot implement secure and encrypted network traffic, which is why the vendor recommends replacement with the LID-3300IP Type 2 model and firmware V2.40.
Defensive priority
Immediate
Recommended defensive actions
- Inventory all Labkotec LID-3300IP deployments and verify the device type and software version in the web interface.
- Upgrade affected units to the LID-3300IP Type 2 model and install firmware V2.40, per Labkotec guidance.
- If the device remains in service, place it on a secure internal network with access limited to authorized systems and users only.
- Do not expose the device directly to the public Internet; apply firewall rules, protocol restrictions, and network segmentation.
- Enable HTTPS for management and network traffic where supported, and use the vendor’s recommended ICS hardening practices.
- Change default credentials, review access permissions, and monitor for unexpected parameter changes or operational commands.
Evidence notes
This debrief is grounded in the supplied CISA CSAF advisory JSON for ICSA-26-062-05 / CVE-2026-1775 and its linked official references, including the CISA advisory page and CVE record. Product scope, impact language, CVSS data, and remediation text were taken from the advisory metadata and remediation entries. No exploit code, reproduction steps, or unsupported claims were added.
Official resources
- CVE-2026-1775 CVE record (CVE.org)
- CVE-2026-1775 NVD detail (NVD)
- Source item URL (cisa_csaf)
Public advisory first published on 2026-03-03. The supplied data does not include a KEV listing or known ransomware campaign association. Vendor remediation guidance in the advisory recommends migration to LID-3300IP Type 2 with firmware V2