CISA 2026-05-26

Eppendorf BioFlo 320

CVE-2026-7251

Machine-generated analysis · WAYSCloud LLM

The advisory states that all versions of the Eppendorf BioFlo 320 bioreactor are affected due to a hard-coded password in a VNC server, which could allow full access if remote access is enabled.

Context

The Eppendorf BioFlo 320 is a bioreactor used in laboratory and industrial settings. The advisory states it is vulnerable because its VNC server uses a hard-coded password, allowing full control of the user interface if an attacker knows the device's network address and VNC is enabled. VNC traffic is not encrypted, and the feature can only be enabled locally at the device. Eppendorf has removed VNC access entirely in software version 5.0.

Operator considerations

Check: Verify whether VNC is enabled on the BioFlo 320 controller
Patch: Install Eppendorf BioFlo 320 software version 5.0 or later to remove VNC access
Log: Monitor network traffic for unauthorized VNC connections to BioFlo 320 devices, if accessible

From Cybersecurity and Infrastructure Security Agency ↗

Successful exploitation of this vulnerability could allow an attacker to gain full access to functionality and data with the bioreactor.

The following versions of Eppendorf BioFlo 320 are affected:

BioFlo 320 Bioreactor vers:all/*

Vendor

Equipment

Eppendorf

Eppendorf BioFlo 320

Use of Hard-coded Password

Critical Infrastructure Sectors: Healthcare and Public Health

Countries/Areas Deployed: Worldwide

Company Headquarters Location: Germany

The affected product is vulnerable to due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the attacker would have full access to all control panel features for the BioFlo 320. VNC traffic is not encrypted.

Eppendorf BioFlo 320

MitigationEppendorf has release...

Read the full advisory on CISA →