CVE 9.3 CRITICAL

Eppendorf BioFlo 320 Use of hard-coded password_CVE-2026-7251

May 26, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Eppendorf BioFlo 320 is vulnerable to due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the attacker would have full access to all control panel features for the BioFlo 320. VNC traffic is not encrypted.

AI Analysis

VNC server uses a hard-coded password, allowing remote attackers to gain full control of the user interface

Basic Information

ID CVE-2026-7251

Source icscert

Published May 26, 2026 at 17:06

Modified May 26, 2026 at 18:39

Affected Product

Vendor Eppendorf

Product BioFlo 320

Version All

Affected Versions Eppendorf BioFlo 320 All

CWE Classification

CWE-259

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Eppendorf

Product BioFlo 320

Version All

References

{
    "lastseen": "",
    "description": "Eppendorf BioFlo 320\u00a0is vulnerable to due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the attacker would have full access to all control panel features for the BioFlo 320. VNC traffic is not encrypted.",
    "published": "2026-05-26T17:06:46.563Z",
    "modified": "2026-05-26T18:39:20.583Z",
    "type": "cve",
    "title": "Eppendorf BioFlo 320 Use of hard-coded password",
    "source": "icscert",
    "references": "https://www.eppendorf.com/software-downloads\nhttps://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-146-01\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-146-01.json",
    "id": "CVE-2026-7251",
    "bulletinFamily": "",
    "cwe": [
        "CWE-259"
    ],
    "cvelist": null,
    "sourceData": "Eppendorf BioFlo 320 All",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BioFlo 320",
    "version": "All",
    "vendor": "Eppendorf",
    "ai_description": "VNC server uses a hard-coded password, allowing remote attackers to gain full control of the user interface",
    "ai_severity": "Critical",
    "ai_vendor": "Eppendorf",
    "ai_product": "BioFlo 320",
    "ai_version": "All",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply