Cybersecurity authorities have issued a stark warning regarding a critical vulnerability in Labkotec’s LID-3300IP, a widely deployed ice detection system integral to the safety and efficiency of wind turbines, airports, and weather stations. The flaw, tracked as CVE-2026-1775 with a severe CVSS score of 9.4, presents a direct risk of “unauthorized control over system operations”.
The LID-3300IP is designed to sense early-stage ice formation on critical structures like wind turbine blades, automatically triggering heating systems or shutting down machinery to prevent catastrophic mechanical failure or “ice throw” hazards to the public.
The security hole exists within the device’s core ice-detector software. Researchers found that the system fails to properly authenticate certain network communications, creating a dangerous opening.
An unauthenticated attacker can “alter device parameters and run operational commands” simply by sending “specially crafted packets” to the device.
By hijacking the detector, an attacker could disable heating logic during freezing conditions or force an emergency stop, leading to “potential safety hazards” and “disruption of normal functionality”.
The vulnerability affects only devices connected to an Ethernet network; units operating in isolation remain unaffected.
Labkotec has reported that it is “not possible to implement secure and encrypted network traffic” on the original LID-3300IP hardware. As a result, the recommended fix involves a physical hardware transition.
The vendor is urging all operators to:
- Upgrade to the newer LID-3300IP Type 2 model.
- Install the latest firmware version V2.40.
- Activate HTTPS for all network traffic to provide a baseline of communication security.
For organizations unable to replace hardware immediately, CISA and Labkotec recommend a “defense-in-depth” approach to shield vulnerable units from attack:
- Isolate from the Internet: “Do not connect the device to the public Internet”. Ensure these units reside only on “secure internal networks that adhere to modern security standards”.
- Harden Management Access: Change default credentials immediately and enable secure management access.
- Network Segmentation: Use firewalls and network segmentation to ensure only authorized users and specific hosts can interact with the detector.
- Physical Security: “Control Physical Access” to the devices to prevent manual tampering.
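The upgrade steps and interim mitigations above can be turned into a fleet check. The following is an added example, not code from Labkotec or CISA: the inventory columns and sample rows are constructed, and the version comparison assumes firmware strings of the form "Vmajor.minor".

```python
import csv, io, ipaddress

# Constructed sample inventory; column names are assumptions for this example.
SAMPLE_INVENTORY = """site,model,firmware,ip,https
turbine-07,LID-3300IP,V1.90,10.20.4.17,no
turbine-12,LID-3300IP Type 2,V2.31,10.20.4.22,no
airfield-a,LID-3300IP Type 2,V2.40,10.30.1.5,no
mast-03,LID-3300IP Type 2,V2.40,203.0.113.40,yes
depot-01,LID-3300IP,V1.90,,no
roof-02,LID-3300IP Type 2,V2.41,192.168.8.9,yes
"""
MIN_FIRMWARE = (2, 40)  # "V2.40", the firmware version named in the article
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_fw(text):
    """'V2.40' -> (2, 40); None if the string is not Vmajor.minor."""
    try:
        major, minor = text.strip().lstrip("Vv").split(".")
        return int(major), int(minor)
    except ValueError:
        return None

def findings(row):
    ip = row["ip"].strip()
    if not ip:
        return []  # not on Ethernet: isolated units are unaffected
    out = []
    addr = ipaddress.ip_address(ip)
    if not any(addr in net for net in RFC1918):
        out.append("address outside RFC 1918: confirm it is not Internet-reachable")
    if row["model"].strip() != "LID-3300IP Type 2":
        # Original hardware cannot encrypt traffic, so firmware/HTTPS checks do not apply.
        out.append("original hardware: replace with Type 2, segment until then")
        return out
    fw = parse_fw(row["firmware"])
    if fw is None:
        out.append("firmware version unreadable: verify manually")
    elif fw < MIN_FIRMWARE:
        out.append("firmware below V2.40: update")
    if row["https"].strip().lower() != "yes":
        out.append("HTTPS not enabled: activate")
    return out

def audit(inventory_csv):
    return {r["site"]: findings(r) for r in csv.DictReader(io.StringIO(inventory_csv))}

if __name__ == "__main__":
    for site, issues in audit(SAMPLE_INVENTORY).items():
        print(site, "OK" if not issues else "; ".join(issues))
```

A clean result here only means the record matches the vendor's guidance; firewall rules and credentials still need to be verified on the network itself.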