CVE-2026-7251

CRITICAL 9.8

Eppendorf BioFlo 320 Use of hard-coded password

CVSS Score

9.8

EPSS Score

0.1%

EPSS Percentile

32th

Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the attacker would have full access to all control panel features for the BioFlo 320. VNC traffic is not encrypted.

CWE	CWE-259
Vendor	eppendorf
Product	bioflo 320
Published	May 26, 2026
Last Updated	Jun 4, 2026

Stay Ahead of the Next One

Get instant alerts for eppendorf bioflo 320

Be the first to know when new critical vulnerabilities affecting eppendorf bioflo 320 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Eppendorf / BioFlo 320

All

References

NVD ↗ CVE.org ↗ EPSS Data ↗

eppendorf.com: https://www.eppendorf.com/software-downloads cisa.gov: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-146-01 github.com: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-146-01.json

Credits

BIO-ISAC reported this vulnerability to CISA.