Remote Access Vulnerability in Eppendorf BioFlo 320 Products
CVE-2026-7251

9.3 CRITICAL

Key Information:

Vendor: Eppendorf
CVE Published: 26 May 2026

What is CVE-2026-7251?

The Eppendorf BioFlo 320 runs a VNC server that uses a hard-coded password. A remote attacker who discovers the network address of a BioFlo 320 with remote access enabled can use the hard-coded password to gain unrestricted control over the user interface, including access to all control panel features. VNC traffic is also transmitted without encryption, which further exposes the system to interception and manipulation.

Affected Version(s)

BioFlo 320: All

CVSS V4

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

BIO-ISAC reported this vulnerability to CISA.