CVE-2026-1775: CWE-306 Missing Authentication for Critical Function in Labkotec LID-3300IP
The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters and run operational commands when specially crafted packets are sent to the device.
AI Analysis
Technical Summary
CVE-2026-1775 identifies a critical security vulnerability in the Labkotec LID-3300IP ice detector device, which is widely used for monitoring ice formation and environmental conditions. The root cause is a missing authentication mechanism (CWE-306) for critical functions within the device's ice detector software. This flaw allows an unauthenticated attacker to send specially crafted network packets directly to the device, bypassing any authentication or authorization controls. As a result, the attacker can alter device parameters and execute operational commands remotely, potentially changing how the device behaves or disabling its monitoring capabilities. The vulnerability affects all versions of the product and does not require any user interaction or privileges, making it trivially exploitable over the network. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N) reflects that the attack can be performed remotely with low complexity and no authentication, leading to high impacts on integrity and availability, and some impact on confidentiality. Although no patches have been released yet and no active exploitation has been observed, the vulnerability poses a significant risk to operational technology environments where the device is deployed. The lack of segmentation or network-level protections could allow attackers to disrupt monitoring functions critical for safety and operational continuity. The vulnerability was published on March 3, 2026, and assigned by ICS-CERT, highlighting its relevance to industrial control systems and critical infrastructure protection.
Potential Impact
The vulnerability allows unauthenticated remote attackers to manipulate device parameters and operational commands, which can lead to severe consequences including incorrect environmental readings, failure to detect ice formation, or complete device shutdown. This compromises the integrity and availability of the monitoring system, potentially causing unsafe conditions in environments relying on accurate ice detection, such as bridges, roads, or industrial facilities. The confidentiality impact is lower but still present due to possible information disclosure through altered device states. Operational disruptions could lead to safety hazards, increased maintenance costs, and regulatory compliance issues. Organizations using these devices in critical infrastructure or safety monitoring roles face increased risk of targeted attacks aiming to cause physical damage or service outages. The ease of exploitation and lack of authentication requirements make this vulnerability particularly dangerous in unsegmented or poorly secured networks.
Mitigation Recommendations
1. Immediately isolate the Labkotec LID-3300IP devices from untrusted networks by implementing strict network segmentation and firewall rules that restrict access to trusted management hosts only.
2. Deploy network intrusion detection/prevention systems (IDS/IPS) to monitor and block suspicious packets targeting the device’s communication ports.
3. Implement strict access control lists (ACLs) on network devices to limit traffic to and from the LID-3300IP.
4. Regularly audit network traffic and device logs for anomalous commands or parameter changes indicative of exploitation attempts.
5. Contact Labkotec for any available firmware updates or patches and apply them promptly once released.
6. If possible, disable any unnecessary network services on the device to reduce the attack surface.
7. Consider deploying compensating controls such as VPNs or encrypted tunnels for management traffic to the device.
8. Develop and test incident response plans specific to this device to quickly identify and remediate exploitation attempts.
9. Educate operational technology staff about the risks and signs of exploitation related to this vulnerability.
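An added example (not from the advisory or from Labkotec) of the traffic audit in recommendations 1, 3 and 4: it scans exported flow records and reports any traffic to or from an LID-3300IP whose peer is outside the management allowlist. The device addresses, management subnet, flow record format and port numbers are constructed assumptions.

```python
import csv
import ipaddress
from io import StringIO

# Assumed site inventory: constructed values, not taken from the advisory.
DEVICES = {ipaddress.ip_address(a) for a in ("10.20.30.11", "10.20.30.12")}
MGMT_NETS = [ipaddress.ip_network("10.20.99.0/28")]

# Constructed flow export, one record per line: time,src,dst,dst_port,proto
SAMPLE_FLOWS = """\
2026-03-04T07:00:01Z,10.20.99.5,10.20.30.11,50001,tcp
2026-03-04T07:02:17Z,192.0.2.44,10.20.30.11,50001,tcp
2026-03-04T07:03:40Z,10.20.30.12,10.20.99.6,514,udp
2026-03-04T07:05:09Z,10.20.30.12,198.51.100.9,443,tcp
2026-03-04T07:06:55Z,10.20.40.7,10.20.30.12,50001,udp
2026-03-04T07:07:30Z,10.20.99.5,10.20.50.1,22,tcp
truncated,record
"""


def is_mgmt(addr):
    """True when addr belongs to a trusted management network."""
    return any(addr in net for net in MGMT_NETS)


def audit_flows(text):
    """Return (time, direction, device, peer, dst_port, proto) for each flow
    that touches a device from or to a host outside the allowlist."""
    findings = []
    for row in csv.reader(StringIO(text)):
        if len(row) != 5:
            continue  # blank or truncated record
        ts, src, dst, port, proto = row
        try:
            s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue  # unparseable address
        if d in DEVICES and not is_mgmt(s):
            findings.append((ts, "inbound", dst, src, port, proto))
        elif s in DEVICES and not is_mgmt(d):
            findings.append((ts, "outbound", src, dst, port, proto))
    return findings


if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(*finding)
```

Because the flaw requires no credentials, every reported inbound peer is a host that could have changed parameters or issued commands, so each finding should be closed by an ACL change or an allowlist entry.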
Affected Countries
Finland, Sweden, Norway, Canada, United States, Russia, Germany, Poland, Japan, South Korea
Technical Details
- Data Version: 5.2
- Assigner Short Name: icscert
- Date Reserved: 2026-02-02T17:02:21.300Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 69a75724d1a09e29cb7c9d27
Added to database: 3/3/2026, 9:48:20 PM
Last enriched: 3/3/2026, 10:02:34 PM
Last updated: 3/4/2026, 7:19:09 AM