Labkotec LID-3300IP

Act Now9.4ICS-CERT ICSA-26-062-05Mar 3, 2026

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Labkotec LID-3300IP ice detector devices fail to enforce authentication controls on network management functions. An attacker with network access can send unauthenticated commands to disrupt ice detection operations. The original LID-3300IP (all versions) cannot be patched due to hardware and firmware design limitations. LID-3300IP Type 2 devices with firmware below V2.40 are also vulnerable. Labkotec recommends upgrading to LID-3300IP Type 2 with firmware V2.40 or later, enabling HTTPS, changing default credentials, and implementing network segmentation and firewall controls. Devices not connected to Ethernet networks are not affected.

What this means

What could happen

An attacker with network access to an unpatched LID-3300IP can bypass authentication and execute commands, potentially disrupting ice detection systems that protect electric utility lines and transformers from ice-related outages.

Who's at risk

Electric utilities and generation facilities that deploy Labkotec LID-3300IP ice detectors on networked substations or transmission line monitoring systems. Affected facilities manage equipment that prevents ice-related equipment failure and line outages.

How it could be exploited

An attacker on the same network segment or with routing access to the device sends unauthenticated commands over unencrypted network traffic. The device lacks proper credential validation and fails to enforce access controls, allowing direct manipulation of ice detector operations.

Prerequisites

Network access to the LID-3300IP on port 80 or equivalent service port
Device must be connected to an Ethernet network
No valid credentials required

remotely exploitableno authentication requiredlow complexityno patch available for original LID-3300IP modelaffects safety systemsdefault credentials

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

LID-3300IP Type 2: <V2.20<V2.20No fix (EOL)

LID-3300IP: vers:all/*All versionsNo fix (EOL)

Remediation & Mitigation

0/7

Do now

0/4

WORKAROUNDDisconnect LID-3300IP (original version, all versions) from Ethernet network or replace with LID-3300IP Type 2

HARDENINGChange default credentials on all LID-3300IP devices immediately

HARDENINGEnable HTTPS for device web interface access where available

HARDENINGPlace LID-3300IP devices behind a firewall and restrict network access to authorized management stations only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade LID-3300IP Type 2 models to firmware version V2.40 or later

Mitigations - no patch available

0/2

The following products have reached End of Life with no planned fix: LID-3300IP Type 2: <V2.20, LID-3300IP: vers:all/*. Apply the following compensating controls:

HARDENINGSegment ice detector networks from business networks and the internet

HARDENINGImplement network monitoring and alerting for unauthorized access to ice detector management interfaces

CVEs (1)

CVE-2026-1775

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/71102408-1ea6-4de9-a531-ba22810c43d4